Quarterly journal published in SPbPU
and edited by prof. Dmitry Zegzhda
Peter the Great St. Petersburg Polytechnic University
Institute of computer sciences and technologies
information security of computer systems
Information Security Problems. Computer Systems
Published since 1999.
ISSN 2071-8217
DETECTION OF POTENTIALLY MALICIOUS ACTIVITY IN CI/CD PIPELINES BASED ON ANALYSIS OF RUNNER BEHAVIOR
V. A. Bugaev, E. V. Zhukovskii, A. A. Lyrchikov
Annotation: The article addresses the problem of detecting potentially malicious activity in CI/CD pipelines during the build process through the analysis of runner behavior. The limitations of existing pipeline security tools related to threat detection during build execution are identified, as well as promising approaches to detecting malicious activity. A method for detecting potentially malicious activity in pipelines is proposed that uses eBPF technology to collect and analyze runner behavior. The accuracy of the detection is evaluated using a dataset that contains implementations of malicious scenarios related to build process compromise. The results obtained can be used to implement protection tools for CI systems and contribute to research in CI/CD pipeline security.
Keywords: CI/CD pipelines, DevSecOps, malicious activity, anomaly detection, eBPF, behavioral analysis, syscalls
Pages 69–82