Popular GitHub Action tj-actions/changed-files is compromised (semgrep.dev)
282 points by moyer 70 days ago | hide | past | favorite | 4 comments



@dang: The original URL (from Step Security, the company that discovered this flaw) is a better source for this:

https://www.stepsecurity.io/blog/harden-runner-detection-tj-...



Comments moved thither. Thanks!


We've recently released open-source tools that would have easily prevented this, before anything runs or is added to any pipeline:

1. The maintainers could have used PRevent to immediately alert and block any PR containing malicious code, or easily configured it for detection in case of a direct push: https://github.com/apiiro/PRevent

2. Users could have used our malicious code detection ruleset to immediately detect and block it when scanning updates in all relevant CI/CD stages: https://github.com/apiiro/malicious-code-ruleset

3. For a better understanding of the detection, the malicious code falls precisely into the patterns presented in our research: https://apiiro.com/blog/guard-your-codebase-practical-steps-...
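
An added example, not code from this thread or from apiiro's tools: a small defender-side audit of GitHub workflow files that does the inventory step the comment above describes (finding where a pipeline pulls in a given action) and, going one step beyond it, flags any `uses:` reference that is pinned to a mutable tag or branch rather than a full 40-character commit SHA. The sample workflow, the watchlist containing `tj-actions/changed-files`, and the placeholder SHA are all constructed for illustration; the script does not decide whether a particular commit is clean, it only tells you where to look.

```python
import re
from dataclasses import dataclass, field

# A reference is immutable only when it is a full 40-hex commit SHA;
# tags and branches can be moved to point at different code later.
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
# Matches "uses: owner/repo@ref" with or without a leading list dash / quotes.
USES_LINE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^\s'"#]+)""")

# Actions you want every occurrence of reported (constructed watchlist).
WATCHLIST = {"tj-actions/changed-files"}

# Constructed sample workflow (not from the page). The SHA below is a
# placeholder value, not a real pin for any action.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Detect changed files
        uses: tj-actions/changed-files@v45
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567  # placeholder SHA
      - run: ./build.sh
      - uses: ./.github/actions/local
"""


@dataclass
class Finding:
    line: int
    action: str            # owner/repo, any sub-path dropped
    ref: str               # whatever followed the '@'
    reasons: list[str] = field(default_factory=list)


def parse_uses(workflow_text):
    """Yield (line_number, owner/repo, ref) for every remote action reference."""
    for no, raw in enumerate(workflow_text.splitlines(), start=1):
        m = USES_LINE.match(raw)
        if not m:
            continue
        target = m.group(1)
        # Local composite actions and docker images are not GitHub repo refs.
        if target.startswith("./") or target.startswith("docker://"):
            continue
        path, _, ref = target.partition("@")
        parts = path.split("/")
        if len(parts) < 2:
            continue
        yield no, "/".join(parts[:2]), ref


def audit_workflow(workflow_text, watchlist=WATCHLIST):
    """Return a Finding for each reference that is watchlisted or not SHA-pinned."""
    wanted = {w.lower() for w in watchlist}
    findings = []
    for no, action, ref in parse_uses(workflow_text):
        reasons = []
        if action.lower() in wanted:
            reasons.append("action is on the watchlist")
        if not FULL_SHA.match(ref):
            reasons.append("ref is a mutable tag/branch, not a full commit SHA")
        if reasons:
            findings.append(Finding(no, action, ref, reasons))
    return findings


if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {f.line}: {f.action}@{f.ref}: {'; '.join(f.reasons)}")
```

Run it over `.github/workflows/*.yml` in each repository you maintain; the watchlist hit tells you the action is in use, and the mutable-ref finding tells you the pipeline would silently pick up whatever a tag is moved to.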


[dupe]



