A few hours ago, several malicious packages were released on the npm registry. This video shows how some of these packages make outbound network calls as part of the preinstall step when they are installed in a GitHub Actions workflow. The DNS exfiltration and network calls were detected by the Harden-Runner GitHub Action: https://github.com/step-security/harden-runner
This is one of the GitHub Actions workflow runs: https://github.com/varunsh-coder/supply-chain-goat/actions/runs/2037070162
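The runtime detection above catches the outbound calls once the install script is already executing. A complementary static check, added here as an example (not code from Harden-Runner or supply-chain-goat), walks the `package.json` manifests of installed dependencies and reports every install-time lifecycle script, flagging commands that reference network tools, URLs or CI secrets. The manifests and package names below are constructed for the demo.

```python
import json
import re
from typing import Dict, List

# npm lifecycle hooks that run automatically during `npm install` / `npm ci`.
# ("prepare" also runs for git dependencies, so it is included.)
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Indicators that an install script may talk to the network or read CI secrets
NETWORK_PATTERNS = re.compile(
    r"\b(curl|wget|nslookup|dig|nc|ncat)\b|"
    r"require\(['\"](https?|dns|net)['\"]\)|"
    r"https?://|"
    r"\$\{?(GITHUB_TOKEN|NPM_TOKEN|AWS_SECRET_ACCESS_KEY)"
)


def audit_manifests(manifests: Dict[str, str]) -> List[dict]:
    """Return one finding per install-time lifecycle script.

    `manifests` maps a package directory (e.g. node_modules/foo) to the raw
    package.json text. Each finding records the hook, the command, and
    whether the command matches a network/secret-access indicator."""
    findings = []
    for path, raw in manifests.items():
        scripts = json.loads(raw).get("scripts") or {}
        for hook in INSTALL_HOOKS:
            cmd = scripts.get(hook)
            if not cmd:
                continue
            findings.append({
                "package": path,
                "hook": hook,
                "command": cmd,
                "network": bool(NETWORK_PATTERNS.search(cmd)),
            })
    return findings


# Constructed sample manifests; none of these are real packages.
SAMPLE_MANIFESTS = {
    "node_modules/good-lib": json.dumps(
        {"name": "good-lib", "version": "1.0.0", "scripts": {"test": "jest"}}),
    "node_modules/native-addon": json.dumps(
        {"name": "native-addon", "version": "2.1.0",
         "scripts": {"install": "node-gyp rebuild"}}),
    "node_modules/suspicious-pkg": json.dumps(
        {"name": "suspicious-pkg", "version": "0.0.1",
         "scripts": {"preinstall": "curl https://example.invalid/beacon"}}),
}

if __name__ == "__main__":
    for f in audit_manifests(SAMPLE_MANIFESTS):
        flag = "NETWORK" if f["network"] else "review"
        print(f"[{flag}] {f['package']} {f['hook']}: {f['command']}")
```

Running the scan against a checkout installed with `npm ci --ignore-scripts` lets you review the flagged hooks before any of them execute on the runner; a native addon with a plain `node-gyp rebuild` is listed for review, while the constructed package with a `curl` beacon in `preinstall` is flagged as network activity.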