GitHub Launches Fork Commit Detector to Flag Malicious Code in Supply Chains 📌 GitHub’s new Fork Commit Detector scans code supply chains to spot sneaky “imposter commits” - malicious forks masquerading as trusted upstream code. Built for DevOps teams, it flags risky Git SHA references before they trigger CI/CD pipelines or break critical tools. A vital step in securing automated workflows against hidden supply chain threats. 🔗 Read more: https://lnkd.in/d8PKUEsy #Github #Forkcommit #Supplychain #Git #Imposter
GitHub Fork Commit Detector Flags Malicious Code in Supply Chains
Your CI pipeline is not less risky than production. It runs with secrets, has internet access, and most engineers treat it as config, not code.

Wiz published a full GitHub Actions threat model this week. A few things that stood out:

→ Untrusted inputs in `run:` steps can trigger script injection without a single PR approval
→ `GITHUB_TOKEN` is routinely over-permissioned and scoped to the whole repo
→ Third-party actions are supply chain risk by default. Pinning to a SHA is not optional.
→ Secrets in env vars leak into logs more often than most teams realize

Full breakdown in the comments ↓

#devops #security #githubactions
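Added example, not part of the post or of Wiz's threat model: a small scanner for the first item above, `run:` steps that expand attacker-controlled event fields, shown against a constructed vulnerable workflow and the `env:` form that neutralizes it.

```python
"""Flag GitHub Actions `run:` steps that expand untrusted event context.
GitHub substitutes ${{ ... }} into the script *before* the shell sees it, so a
PR title containing shell metacharacters becomes shell code. The hardened form
passes the value through `env:` and reads it as a quoted variable."""
import re

# Event fields an outside contributor controls: titles, bodies, branch names...
UNTRUSTED = re.compile(
    r"\$\{\{\s*github\.event\.(issue|pull_request|comment|review|head_commit)"
    r"\.[\w.]*(title|body|message|ref|label|name|email)\b"
    r"|\$\{\{\s*github\.head_ref\b"
)

def find_injections(workflow_text: str) -> list[tuple[int, str]]:
    """Return (line_number, line) for each line of a run: step that expands an untrusted context."""
    hits, run_indent = [], None   # run_indent: column of the current `run:` key, None outside one
    for n, line in enumerate(workflow_text.splitlines(), 1):
        if not line.strip(): continue
        text = line.lstrip(); indent = len(line) - len(text)
        if text.startswith("- "):           # list item: the key itself sits two columns in
            text, indent = text[2:].lstrip(), indent + 2
        if text.startswith("run:"):
            run_indent = indent             # a single-line run: is inspected below as well
        elif run_indent is None or indent <= run_indent:
            run_indent = None               # a sibling key (env:, name:, uses:) ends the block
            continue
        if UNTRUSTED.search(text):
            hits.append((n, text))
    return hits

# Constructed samples: the same step, vulnerable and hardened.
VULNERABLE = """\
jobs:
  triage:
    steps:
      - run: |
          echo "New PR: ${{ github.event.pull_request.title }}"
          ./scripts/label.sh "${{ github.event.pull_request.head.ref }}"
"""
HARDENED = """\
jobs:
  triage:
    steps:
      - run: |
          echo "New PR: $PR_TITLE"
          ./scripts/label.sh "$HEAD_REF"
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
          HEAD_REF: ${{ github.event.pull_request.head.ref }}
"""
```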
Hackers Hijacked a GitHub Actions Workflow to Push Malicious Code to PyPI: Elementary Data's open source CLI was the victim, and v0.23.3 is not a version you want installed. Read more: https://lnkd.in/gfgGEaGN 🎪 Step right up to the DevOps community! Join us for an amazing journey of learning and growth.
Hey Engineering Leaders -- see this setting in your GitHub Org Settings? ⬇️

**"Require actions to be pinned to a full-length commit SHA"**

Sounds perfect, right? With the recent GH Action security concerns, we thought so. Flip the switch and your CI/CD pipelines are safe from supply chain attacks, we thought.

Here's the problem: **this applies to transitive dependencies too.**

Your action pins `trunk-io/trunk-action@sha123` -- great. But trunk's action internally uses `peter-evans/find-comment@v3`. That's not SHA-pinned. So GitHub blocks your entire workflow.

Your options become:
- Allowlist every upstream action org -- defeats the purpose
- Fork and maintain your own versions -- not fun
- File PRs with every upstream action to get them to SHA-pin their deps -- not fun + good luck

I do understand why GH built it this way -- actions aren't packaged artifacts from a registry. They're just YAML files pulling other YAML files. Even if YOU pin to a SHA, the action's own `uses:` references can change underneath you. So GH enforces the whole chain or nothing.

We're going to go a different direction: SHA-pin everything we control, use zizmor for enforcement, and file PRs upstream where we can.

How is your team handling GH Actions supply chain security? Are you enforcing SHA pinning somehow and limiting the use of marketplace actions, or just trusting Dependabot and hoping for the best? We're figuring this out internally, but I'm curious what others are doing in this realm -- share in the comments below!

#github #devops #security #supplychainsecurity #cicd #platformengineering #infrastructure #githubactions
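Added example, not from the post, from GitHub or from zizmor: the pinning check run locally over a workflow and the action.yml files it pulls in, so the transitive reference that would block the run gets named. The SHAs and the stand-in action.yml are constructed; fetching real metadata from each upstream repo is left to the caller.

```python
"""Find `uses:` references that are not pinned to a full 40-hex commit SHA,
in a workflow and, transitively, in the composite actions it references."""
import re

USES = re.compile(r"""^\s*-?\s*uses:\s*["']?([^\s"'#]+)""")
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")

def unpinned_uses(yaml_text: str) -> list[str]:
    """Every `uses:` target whose ref is not a full commit SHA.
    Local (./path) and docker:// references carry no git ref and are skipped."""
    bad = []
    for line in yaml_text.splitlines():
        m = USES.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        _, _, version = ref.partition("@")
        if not FULL_SHA.match(version):   # tags, branches and short SHAs all fail
            bad.append(ref)
    return bad

def audit_chain(text, action_metadata, source="workflow", seen=None):
    """Check `text`, then recurse into the action.yml of each action it uses
    (looked up in action_metadata by 'owner/repo'). Returns {source: [unpinned refs]}."""
    seen = set() if seen is None else seen
    findings = {source: bad} if (bad := unpinned_uses(text)) else {}
    for m in filter(None, map(USES.match, text.splitlines())):
        repo = m.group(1).split("@")[0]
        if repo in action_metadata and repo not in seen:
            seen.add(repo)
            findings.update(audit_chain(action_metadata[repo], action_metadata, repo, seen))
    return findings

# Constructed workflow: everything it references is SHA-pinned (fake SHAs).
WORKFLOW = """\
steps:
  - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
  - uses: trunk-io/trunk-action@0123456789abcdef0123456789abcdef01234567
"""
# Constructed stand-in for trunk-action's own action.yml: its dependency is tag-pinned.
ACTION_METADATA = {
    "trunk-io/trunk-action": """\
runs:
  using: composite
  steps:
    - uses: peter-evans/find-comment@v3
    - uses: ./internal/step
""",
}
```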
I think the bigger problem is what happens when you change that hash for a new version. A hash that points to malware is still a valid hash at the end of the day. You get situations where developers look at a dependabot PR with "oh it's just a patch update" and don't actually verify the changes. Then we find out those "just a patch" updates are secrets theft malware, such as in the case of trivy. I hope that the recent supply chain attacks have at least helped send the message to developers that dependency updates are no longer "an easy bump" and should be scrutinized.
Watching the Anthropic GitHub situation unfold recently was a sobering moment for anyone running an engineering team. A minor misconfiguration leaked some internal code. To contain it, an automated DMCA script was deployed. But the script couldn't distinguish between the leaked secret and legitimate developer forks. Thousands of innocent projects got caught in the crossfire before the manual "undo" button was hit. It highlights a tension we are all dealing with: the speed of automation versus the nuance of human judgment. We are building incredibly fast automated defenses to protect our perimeters. But when those scripts are given the authority to execute, like issuing a takedown, without a human circuit breaker, the blast radius is entirely unpredictable. If a critical alert goes off in your infrastructure today, how much autonomy does your containment script have? #CTO #Security #DevOps
GitHub "Require signed commits" is not what you think

You can bypass it, at least for the branch protection rules. No exotic tricks. Just use the Git Data API:
- create a tree
- create a commit (unsigned)
- create a ref (new branch)

No git push. No signature. Still accepted.

Now the interesting part: Drop a workflow into .github/workflows/ and it runs. No normal PushEvent. No friction.

Impact:
- unsigned code in "protected" branches
- arbitrary GitHub Actions execution
- access to GITHUB_TOKEN and potentially secrets

Root problem: GitHub enforces protections at the push layer, but allows direct Git object writes underneath it. Different layers. Different rules.

Translation: "Require signed commits" does not actually mean required unless you use the rulesets. If someone can call /git/commits and /git/refs, your protections are mostly decorative.

#Git #git #github #GitHub #Security #security #CICD #cicd
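Added example, not from the post: because the branch rule gates the push layer, the durable check is on the commit objects themselves. Input follows the shape of GitHub's `GET /repos/{owner}/{repo}/commits/{sha}` response (`commit.verification` and `files`); the records are constructed, not real commits.

```python
"""Audit a branch's commits for missing signatures and rank the ones that
touch .github/workflows/, since those run with GITHUB_TOKEN on arrival."""
WORKFLOW_DIR = ".github/workflows/"

def audit_commits(commits: list[dict]) -> list[dict]:
    """One finding per commit whose signature is not verified; severity is
    'high' when the commit adds or modifies a file under .github/workflows/."""
    findings = []
    for c in commits:
        ver = c.get("commit", {}).get("verification", {})
        if ver.get("verified") is True:
            continue
        touched = [f["filename"] for f in c.get("files", [])
                   if f["filename"].startswith(WORKFLOW_DIR) and f.get("status") != "removed"]
        findings.append({
            "sha": c["sha"],
            "reason": ver.get("reason", "unknown"),   # e.g. "unsigned", "unknown_key"
            "workflows": touched,
            "severity": "high" if touched else "medium",
        })
    return findings

# Constructed sample: a signed commit, an unsigned commit created through
# POST /git/commits that drops a workflow in, and an unsigned doc change.
SAMPLE = [
    {"sha": "a" * 40,
     "commit": {"verification": {"verified": True, "reason": "valid"}},
     "files": [{"filename": "src/app.py", "status": "modified"}]},
    {"sha": "b" * 40,
     "commit": {"verification": {"verified": False, "reason": "unsigned"}},
     "files": [{"filename": ".github/workflows/nightly.yml", "status": "added"}]},
    {"sha": "c" * 40,
     "commit": {"verification": {"verified": False, "reason": "unsigned"}},
     "files": [{"filename": "README.md", "status": "modified"}]},
]

if __name__ == "__main__":
    for f in audit_commits(SAMPLE):
        print(f["severity"], f["sha"][:12], f["reason"], f["workflows"])
```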
Manifest BOMTakes. The GitHub merge button might be the most dangerous ‘convenience’ in your workflow. And yes, we know that’s a hot take. It’s fast, it’s easy, and it’s exactly why it gets used everywhere. But it also creates messy commit history, hides context, and makes it harder to trace what actually changed when something breaks or a vulnerability shows up. In a world where auditability and security matter more than ever, is that trade-off as harmless as it looks? Alexandra Selldorff Spencer Judd
🚨 The 500,000-Line Mistake: Why Even Giants Fail at Git

Anthropic just gave the tech world a masterclass in how fragile security really is. No sophisticated hacking. No zero-day exploits. Just a simple packaging error. 500,000 lines of Claude Code’s internal source code were exposed because of a source map file.

💡 The Automation Paradox
In our race to "Automate Everything," we’ve created a massive blind spot. Our CI/CD pipelines, npm publishing, and Docker builds are only as secure as our configuration files. One missing line in a .gitignore can effectively hand over your internal architecture to the public.

🔧 The "Harmless" Push
We’ve all done it:
    git add .
    git commit -m "fixing bugs"
    git push origin main
It feels productive until you realize a .env file or a /dist folder containing source maps tagged along for the ride.

📂 Where the Leak Happens
Most "leaks" aren't backdoors, they are open windows. Check your .gitignore right now for these often-missed culprits:
- *.map (Source maps that reconstruct your code)
- .env (Secrets, API keys, DB strings)
- *.log (Internal paths and user data)
- backup/ or tmp/ (Last-minute manual saves)

#DevOps #Git #CyberSecurity #CloudEngineering #Azure #Linux #SRE #CodingLife
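Added example, not from the post: a check over the files git already tracks, because .gitignore only stops files that are not yet in the index. `risky_tracked()` takes any path list (the list in the test is constructed); `main()` feeds it the output of `git ls-files` in the current repository.

```python
"""Report tracked files matching the .gitignore culprits from the post."""
import fnmatch
import subprocess
import sys

# Patterns from the post; a trailing slash means "anything under this directory".
RISKY = ["*.map", ".env", "*.log", "backup/", "tmp/"]

def matches(path: str, pattern: str) -> bool:
    parts = path.split("/")
    if pattern.endswith("/"):
        return pattern[:-1] in parts[:-1]        # directory appears as a path component
    return fnmatch.fnmatch(parts[-1], pattern)   # glob against the file name only

def risky_tracked(paths: list[str]) -> dict[str, list[str]]:
    """Map each matching path to the patterns it matches; clean paths are omitted."""
    found = {}
    for p in paths:
        hits = [pat for pat in RISKY if matches(p, pat)]
        if hits:
            found[p] = hits
    return found

def main() -> int:
    # -z gives NUL-separated names, so paths with spaces or newlines survive.
    out = subprocess.run(["git", "ls-files", "-z"], capture_output=True,
                         text=True, check=True).stdout
    found = risky_tracked([p for p in out.split("\0") if p])
    for path, pats in sorted(found.items()):
        print(f"{path}: matches {', '.join(pats)}")
    return 1 if found else 0   # non-zero so a pre-commit hook or CI step can fail on it

if __name__ == "__main__":
    sys.exit(main())
```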
I built and open-sourced a pipeline that proves whether an artifact was actually built by CI (Sigstore + GitHub Actions + ArgoCD).

Because last month proved something uncomfortable: If it’s in your registry, most pipelines just trust it.

The March 2026 axios attack wasn’t a CI failure. A threat actor stole an npm maintainer token and pushed malicious versions directly to the registry. No CI compromise. No pipeline breach. Just a valid push.
👉 Millions of downloads
👉 Thousands of pipelines affected
👉 Everything looked legitimate

Here’s the real problem: Most pipelines cannot tell whether an artifact was built by their CI or pushed by someone else. Both look identical. Both get deployed the same way.

That’s the gap Sigstore solves. Not just signing but proving artifact origin.

With Cosign:
- CI generates an ephemeral key (never stored)
- Identity is verified via OIDC
- Fulcio issues a short-lived cert
- Artifact is signed
- Rekor logs it publicly

Now you can verify: “This image was built by this exact CI pipeline”

Verification (this is where most teams fail):
    cosign verify \
      --certificate-identity "https://lnkd.in/gQsRgUBk" \
      --certificate-oidc-issuer "https://lnkd.in/g2c-BFSv" \
      image:tag
If this fails → your cluster should reject it.

The pipeline I built:
- feature → lint/test only
- PR → full test (no push)
- main → build + sign + push
- tag → verify + promote (NO rebuild)
- prod → human approval + admission policy

What this fixes:
- Stolen registry token ≠ trusted artifact
- Registry is no longer your root of trust
- CI identity becomes the source of truth

What it doesn’t fix:
- Compromised CI
- Malicious commits
- Vulnerable dependencies

The axios attack worked because a push was enough. This model makes a push not enough.

Full breakdown and GitHub repo are in the first comment 👇

#DevSecOps #Kubernetes #GitOps #Sigstore #SupplyChainSecurity #CloudNative #PlatformEngineering