Continuous Integration and Continuous Deployment (CI/CD) pipelines have become central to modern software delivery, yet they represent an increasingly targeted and underprotected attack surface. While prior work has applied the STRIDE threat modeling framework to individual pipeline components or mapped CI/CD risks to NIST and OWASP controls, no study has performed a systematic, tool-specific dual-framework analysis combining STRIDE with MITRE ATT&CK Enterprise techniques across all major CI/CD platforms. This paper addresses that gap by constructing a comprehensive threat model for CI/CD pipelines implemented using GitHub Actions, Jenkins, and GitLab CI. We decompose a representative pipeline into six stages — source control, build, test, artifact registry, deployment, and runtime monitoring — and apply STRIDE per stage to enumerate 26 distinct threat instances. For each threat, we provide a corresponding MITRE ATT&CK technique mapping, a severity classification, and a concrete mitigation control. Our analysis reveals that build-stage tampering and deployment-stage spoofing carry the highest critical-severity density, and that MITRE ATT&CK technique T1195 (Supply Chain Compromise) underlies the majority of high-severity threats. We further highlight that Denial of Service threats, while low-severity in most pipeline contexts, remain systematically unaddressed by SLSA maturity levels. The resulting threat-ATT&CK mapping matrix constitutes a reusable reference artifact for practitioners seeking to adopt a risk-driven approach to DevSecOps pipeline hardening.
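As an added illustration of the stage-by-STRIDE matrix the abstract describes (example code written for this page, not the paper's artifact), the script below encodes a handful of constructed threat rows in the paper's schema (stage, STRIDE category, ATT&CK technique, severity, mitigation) and computes the three things the abstract reports on: per-stage critical-severity density, the ATT&CK technique that dominates high-severity threats, and the STRIDE categories each stage leaves unaddressed. The rows and their severities are assumptions for demonstration; only the six stages and the T1195 build-stage tampering mapping come from the abstract.

```python
from collections import Counter

# Pipeline stages and STRIDE categories as named in the abstract.
STAGES = ["source control", "build", "test", "artifact registry",
          "deployment", "runtime monitoring"]
STRIDE = ["Spoofing", "Tampering", "Repudiation", "Information disclosure",
          "Denial of service", "Elevation of privilege"]
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Constructed illustrative rows: (stage, STRIDE category, ATT&CK technique,
# severity, mitigation). These are NOT the paper's 26 threat instances; only
# the T1195 build-stage tampering mapping is taken from the abstract.
THREATS = [
    ("source control", "Spoofing", "T1078", "high",
     "require MFA and signed commits"),
    ("build", "Tampering", "T1195", "critical",
     "pin and hash-verify dependencies; build on ephemeral runners"),
    ("build", "Tampering", "T1195", "critical",
     "require review for changes to workflow/pipeline definitions"),
    ("test", "Information disclosure", "T1552", "medium",
     "mask secrets in job logs"),
    ("artifact registry", "Tampering", "T1195", "high",
     "sign artifacts and verify signatures before promotion"),
    ("deployment", "Spoofing", "T1078", "critical",
     "short-lived, workload-bound deploy credentials"),
    ("deployment", "Denial of service", "T1498", "low",
     "runner quotas and job time limits"),
    ("runtime monitoring", "Repudiation", "T1070", "medium",
     "ship audit logs to append-only storage"),
]

def critical_density(threats):
    """Share of each stage's threats rated critical (0.0 for stages with none)."""
    per_stage = {s: [t for t in threats if t[0] == s] for s in STAGES}
    return {s: (sum(t[3] == "critical" for t in rows) / len(rows) if rows else 0.0)
            for s, rows in per_stage.items()}

def dominant_technique(threats, min_severity="high"):
    """ATT&CK technique appearing most often among threats at or above min_severity."""
    floor = SEVERITY_RANK[min_severity]
    counts = Counter(t[2] for t in threats if SEVERITY_RANK[t[3]] >= floor)
    return counts.most_common(1)[0][0] if counts else None

def uncovered_categories(threats):
    """STRIDE categories with no recorded threat per stage: the gaps a reviewer should question."""
    covered = {(t[0], t[1]) for t in threats}
    return {s: [c for c in STRIDE if (s, c) not in covered] for s in STAGES}
```

Running `uncovered_categories` over a real matrix is the quick way to surface the kind of gap the abstract flags for Denial of Service: a category that is simply never recorded for a stage rather than consciously rated low.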
Vansh Sharma
Chandigarh University
www.synapsesocial.com/papers/69c620ab15a0a509bde19315 — DOI: https://doi.org/10.5281/zenodo.19220211