Pipeline security lessons from March supply chain incidents

about.gitlab.com·Grant Hickman·about 1 month ago

Note: The GitLab product did not use any of the compromised package versions mentioned in this post.

In the span of 12 days, four separate supply chain attacks revealed that continuous integration and continuous delivery (CI/CD) pipelines have become a high-value target for sophisticated threat actors. Between March 19 and March 31, 2026, threat actors compromised:

- an open-source security scanner (Trivy)
- an infrastructure-as-code (IaC) security scanner (Checkmarx KICS)
- an AI model gateway (LiteLLM)
- a JavaScript HTTP client (axios)

Each attack shared the same surface: the build pipeline. This article shows what happened, why pipelines can be uniquely vulnerable, and how centralized policy enforcement with GitLab, using policies defined below, can block, detect, and contain these classes of attack before they reach production.…