What is CI/CD Threat Modeling?

CI/CD threat modeling is the practice of embedding threat modeling into the continuous integration and delivery pipeline, so analysis runs automatically as part of building, testing, and shipping software — rather than as a separate manual step.

It also has a second meaning: the CI/CD pipeline itself is an attack surface worth threat modeling, since compromised build systems can poison everything they ship. Either way, the key is automation — pipelines move too fast for manual review, so threat modeling has to run continuously and without a human trigger.