BoostSecurity Labs is the security research arm of BoostSecurity.io, a Montréal-based startup focused on securing software supply chains. Our team hunts vulnerabilities in CI/CD pipelines, discloses responsibly, and builds open source tools to help defenders.
We research attack techniques targeting build pipelines, publish original vulnerability disclosures, and maintain open source security tools. Our work has uncovered hundreds of zero-days in open source projects' CI/CD systems.
Focus areas: pipeline security, GitHub Actions exploitation, Living Off The Pipeline (LOTP) techniques, supply chain attacks, CI/CD threat modeling, and secrets management.
For responsible disclosure, reach us at security@boostsecurity.io.
For research collaboration, find us on GitHub or LinkedIn.