Skip to content
Latchkey

What Is Egress Filtering in CI? Controlling Where a Build Can Connect

Egress filtering restricts where a CI job is allowed to send data, so a build can reach the services it needs but cannot exfiltrate secrets to an attacker.

Most security focuses on what gets into a build. Egress filtering focuses on what gets out. A compromised dependency that steals your secrets still has to send them somewhere; egress filtering makes that final step fail. By allowing connections only to known-good destinations, it turns a successful theft into a useless one.

The exfiltration problem

A malicious package can read your secrets in milliseconds. The damage only happens when it ships them out, to an attacker URL or IP. If the build cannot reach that destination, the secret never leaves, and the attack is neutralized at the last step.

How egress filtering works

  • Define an allowlist of destinations the build legitimately needs.
  • Block all other outbound connections by default.
  • Log or alert on attempts to reach anything off the list.
  • Tune the allowlist as legitimate dependencies are discovered.

Allowlist vs blocklist

Blocklists fail because attackers use new destinations. A default-deny allowlist is the robust approach: the build can talk to your registry, your cloud, your package mirror, and nothing else. Anything unexpected is blocked and surfaced.

Catching attacks in the act

Beyond blocking, egress filtering is a detection signal. A build step suddenly trying to reach an unknown host is a strong indicator of compromise, a poisoned dependency mid-exfiltration. That alert can trigger an investigation before the next build runs.

Egress control on the runner

Egress filtering has to live at the runner or network boundary, which is hard to retrofit onto an ad hoc self-hosted fleet. Managed, isolated runners can enforce network policy per job as part of a hardened environment, so exfiltration is blocked without each team wiring up firewalls.

Key takeaways

  • Egress filtering controls where a CI job can send data, blocking exfiltration.
  • A default-deny allowlist beats a blocklist against novel attacker destinations.
  • Blocked egress attempts double as a detection signal for compromise.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →