harden-runner VS auth

Fortunately there is a great free online tool that help you by doing all the hard work (it will open a pull-request and automatically fix issues).

If using GitHub Actions for CI/ CD, Harden Runner (https://github.com/step-security/harden-runner) can be used to audit and block DNS exfiltration. Outbound calls from CI are predictable (to source repo, artifact registry, etc.) and don't change often.

As part of writing tests for Harden Runner GitHub Action, which prevents such attacks, there was a need to write attack simulator for these attacks.

I am not too familiar with GitLab, to be honest, but: - Commit/PR linting (to be in tandem with semantic versioning) is implemented via third-party GitHub Actions (https://github.com/amannn/action-semantic-pull-request and https://github.com/wagoid/commitlint-github-action), these might be hard to transfer - Blocking egress to mitigate supply chain attacks is performed by step security’s Harden Runner (https://github.com/step-security/harden-runner), you may raise a question there about GitLab support - CodeQL support is GitHub only AFAIK (but you would have to verify it)

I've found StepSecurity's tooling helpful in getting my repos secured.

* https://app.stepsecurity.io/securerepo

I agree. There are projects such as https://github.com/ossf/package-analysis and https://github.com/step-security/harden-runner that do behavior analysis. Disclaimer: I’m maintainer of the second one.

So if you are concerned about this, I'd suggest looking at the following:

* OpenSSF Scorecard Action - https://github.com/ossf/scorecard#scorecards-github-action

* Step Security Harden Action - https://github.com/step-security/harden-runner

I realize that this means trusting these providers but they seem at least tacitly blessed by GitHub. https://docs.github.com/en/actions/security-guides/security-...

Few hours back several malicious packages were released on npm registry. This video shows how some of these packages are making outbound calls as part of the preinstall step when executed in a GitHub Actions workflow. DNS Exfiltration and network calls detected by Harden-Runner GitHub Action https://github.com/step-security/harden-runner

I've been happy with Ente Auth

https://github.com/ente-io/auth

I can highly recommend Ente Photos[0]. It has automatic backup, and a very good replication architecture for maximum reliability[1]. It's also super easy to use and everything is encrypted by default.

[0] https://ente.io/

Running machine learning on device.

Context: I'm working on an e2ee alternative to Google Photos[1] where we have to cluster embeddings (for face recognition) and run similarity searches (for semantic search[2]) on device.

[1]: https://ente.io

[2]: https://openai.com/research/clip

> there is no better alternative

If your primary device is Android, please check out Ente[1].

We are an E2EE alternative to Google Photos. We had launched on HN[2] a while ago, and have been working towards feature parity. We aren't "there" yet, but hope to soon be.

If you've any feedback, please share it with [email protected], I'd be grateful!

[1]: https://ente.io

[2]: https://news.ycombinator.com/item?id=28347439

I use: Signal, ente.io and the Proton suite of producs. And tresorit as well. I kinda trust those things.

Proton is starting to become more like https://ente.io