Capability-Based Isolation
🔑 Key Takeaway: Capability-based isolation replaces broad ambient permissions with short-lived, task-scoped grants tied to context, so compromised workflows cannot exceed narrowly defined actions.
Capability-based isolation limits what automation can do by granting specific actions under explicit conditions, instead of broad ambient privileges.
In practice: do not give a job “admin” rights when it only needs “read dependency metadata” or “upload artifact to one path”.
Why this matters in DevSecOps
Many incidents are privilege-shape failures, not code execution failures: compromised workflows succeed because credentials are too broad.
Capability scoping reduces blast radius by ensuring that even successful compromise has constrained impact.
Capability model template
Define capabilities as structured policy units:
| Field | Example |
|---|---|
| Subject | ci/workflow/build |
| Action | artifact.upload |
| Resource | registry.example.com/team/app/* |
| Conditions | branch is protected, artifact has provenance, session < 15 min |
| Effect | allow / deny |
CI/CD capability tiers
Tier 1: Validate
- read repository
- execute tests
- no deploy/publish
- no production secrets
Tier 2: Build
- pull dependencies from approved registries
- upload intermediate artifacts
- no release signing keys
Tier 3: Release
- publish signed artifact
- write release metadata
- deploy only to approved environment targets
Map these tiers to separate identities/roles rather than toggling permissions in a single long-lived token.
Implementation patterns
- Use workload identity federation (OIDC) for short-lived credentials.
- Create role-per-purpose identities (validate/build/release/deploy).
- Bind capabilities to both identity and runtime context (repo, branch, environment, workflow name).
- Deny by default; add narrow allow rules.
Audit and revocation requirements
For each capability grant, log:
- who/what requested it
- when it was issued and expired
- what resource/action it enabled
- whether execution succeeded or was denied
Capability revocation should be immediate and automated for suspicious activity.
Common anti-patterns
- “One token to rule them all” for all pipeline stages.
- Reusing static cloud credentials across repositories.
- Capability definitions without contextual conditions.
- Missing visibility into denied actions (blind spots hide attacks).
References
- NIST SP 800-53 Rev. 5 (least privilege and access control): https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final
- NIST SSDF (SP 800-218): https://csrc.nist.gov/pubs/sp/800/218/final
- NIST glossary, Least Privilege: https://csrc.nist.gov/glossary/term/least_privilege
- CISA, Defending Continuous Integration/Continuous Delivery (CI/CD) Environments: https://www.cisa.gov/resources-tools/resources/defending-continuous-integrationcontinuous-delivery-cicd-environments
- Kubernetes, Role Based Access Control: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
- Kubernetes, Pod Security Standards: https://kubernetes.io/docs/concepts/security/pod-security-standards/
- SLSA specification: https://slsa.dev/spec/v1.0/overview