Recent searches
Search options
If you use the tj-actions/files-changed GitHub Action, there was a compromise of the repo detected last week that caused CI/CD secrets to leak into (on public repos) publicly available log files.
www.stepsecurity.ioHarden-Runner detection: tj-actions/changed-files action is compromised - StepSecuritytj-actions/changed-files
@shawnhooper Same for reviewdog/action-setup (just coming to light in the past few hours)
@kboyd Oh wow. Just reading about that now. Sounds like the reviewdog breach caused the other one. Ouch.
https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup
wiz.io · GitHub Action supply chain attack: reviewdog/action-setup | Wiz BlogA supply chain attack on tj-actions/changed-files leaked secrets. Wiz Research found another attack on reviewdog/actions-setup, possibly causing the compromise.