
When Changed Files Changed Everything: Uncovering and Responding to the tj-actions Supply Chain Breach.pdf

Uploaded by: 竿*** Document ID: 981913 2025-11-29 106 pages 5.55MB

When Changed Files Changed Everything: Uncovering and Responding to the tj-actions Supply Chain Breach
Varun Sharma, Ashish Kurmi

When Changed Files Changed Our Weekend Plans
Spoiler: They were definitely changed
Even CISA said Yikes!

Top Companies using changed-files: Argo, TypeScript, Kong, PostHog, GitHub, Hugging Face, HashiCorp, Meta, Microsoft

Agenda
- How was the attack detected?
- What was the malicious code doing?
- How was the action compromised?
- How did organizations respond?
- Lessons learned from the incident

About Varun Sharma
- Co-Founder and CEO of StepSecurity, a cybersecurity startup securing CI/CD pipelines against supply chain attacks
- Former Principal Security Software Engineering Manager at Microsoft
- Led Azure's Green Team to solve high-risk, systemic security issues
- MSc in Information Security from Royal Holloway, University of London

About Ashish Kurmi
- CTO and Co-Founder of StepSecurity
- Specializes in CI/CD and GitHub Actions security
- Over 13 years of experience in security engineering at Plaid, Uber, and Microsoft
- Recognized leader in developing advanced cybersecurity solutions

01. Introduction to GitHub Actions and the tj-actions/changed-files action
Brief Overview of GitHub Actions
Demo: GitHub Actions Workflow Run
Workflow Triggers: Pull Request, Merge to main

02. Initial Detection and Investigation
Baseline-driven security monitoring

Based on the report's content, its main points are summarized as follows:
- **Attack detection**: on March 14, 2025, anomalous activity was discovered through baseline-driven security monitoring.
- **Malicious code behaviour**: the attacker modified the `tj-actions/changed-files` action so that every workflow using it executed malicious code that stole CI/CD secrets.
- **Attack process**: the attacker created a fork, injected the malicious code, and moved the action's version tags onto it, so every workflow that referenced the action by tag ran the malicious code.
- **Organizational response**: GitHub removed the affected action and later restored the repository; affected organizations had to carry out recovery steps.
- **Lessons learned**: strengthen CI/CD security monitoring, implement an action allowlist, and respond specifically to the affected action.
- **Attacker**: the attacker operated from a legitimate GitHub domain and impersonated a legitimate user, which amplified the attack's impact.
- **Recommendations**: implement security monitoring of CI/CD runners, define and enforce an action allowlist, pin third-party GitHub Actions to a specific commit SHA, and respond to affected actions.
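The last two recommendations, an action allowlist and pinning third-party actions to a commit SHA, as an added worked example that is not code from the talk, from StepSecurity or from GitHub: a small Python audit over a constructed workflow file that flags every `uses:` reference which is off the allowlist or not pinned to a full commit SHA, plus a rewrite step that pins tag references once the SHA has been resolved out of band. The workflow text, the allowlist and the 40-character SHA values are constructed placeholders, not real tj-actions/changed-files commits.

```python
"""Audit GitHub Actions workflows for unpinned or non-allowlisted actions.

Added example for this page; it is not code from the talk, StepSecurity or
GitHub. The workflow text, allowlist and commit SHAs below are constructed
placeholders (the SHAs are not real tj-actions/changed-files commits).
"""
import re
from dataclasses import dataclass

# A `uses:` entry references an action as owner/repo[/path]@ref. `./path`
# (local) and `docker://` references are not Marketplace actions and are
# skipped. The capture stops at whitespace or a `#` comment.
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^"\'\s#]+)')
FULL_SHA_RE = re.compile(r'^[0-9a-f]{40}$')


@dataclass
class Finding:
    line_no: int
    action: str       # owner/repo, path component dropped
    ref: str          # text after '@', '' when missing
    problems: tuple   # subset of ('not-allowlisted', 'unpinned')


def split_ref(uses):
    """'tj-actions/changed-files@v45' -> ('tj-actions/changed-files', 'v45')."""
    target, _, ref = uses.partition('@')
    return '/'.join(target.split('/')[:2]), ref


def audit_workflow(text, allowlist):
    """Flag third-party actions that are off the allowlist or not pinned to a
    full 40-hex commit SHA. Tags (v45) and branches (main) are mutable, which
    is exactly what retagging the action exploited; abbreviated SHAs are
    ambiguous, so only a full SHA counts as pinned."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        uses = m.group(1)
        if uses.startswith(('./', 'docker://')):
            continue
        action, ref = split_ref(uses)
        problems = []
        if action not in allowlist:
            problems.append('not-allowlisted')
        if not FULL_SHA_RE.match(ref):
            problems.append('unpinned')
        if problems:
            findings.append(Finding(line_no, action, ref, tuple(problems)))
    return findings


def pin_actions(text, resolved):
    """Rewrite `uses:` refs with a mapping {'owner/repo@tag': 'sha'} that the
    caller resolved out of band (for example with `git ls-remote` against the
    action repository at review time). The original tag stays as a trailing
    comment so the intended version remains readable."""
    out = []
    for line in text.splitlines():
        m = USES_RE.match(line)
        if m and m.group(1) in resolved:
            uses = m.group(1)
            target, _, tag = uses.partition('@')
            line = line.replace(uses, f'{target}@{resolved[uses]} # {tag}', 1)
        out.append(line)
    return '\n'.join(out) + '\n'


# Constructed sample workflow: one SHA-pinned step, two tag-referenced
# allowlisted steps, one off-allowlist branch reference, two non-Marketplace steps.
PLACEHOLDER_SHA = '0123456789abcdef0123456789abcdef01234567'
SAMPLE_WORKFLOW = f"""\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Get changed files
        uses: tj-actions/changed-files@v45
      - uses: ./.github/actions/local-lint
      - uses: docker://alpine:3.20
      - uses: some-org/unreviewed-action@main
      - uses: actions/setup-node@{PLACEHOLDER_SHA} # v4, placeholder SHA
"""
ALLOWLIST = {'actions/checkout', 'actions/setup-node', 'tj-actions/changed-files'}

if __name__ == '__main__':
    for f in audit_workflow(SAMPLE_WORKFLOW, ALLOWLIST):
        print(f'line {f.line_no}: {f.action}@{f.ref or "<none>"}: {", ".join(f.problems)}')
```

Run against the sample, the audit reports lines 7, 9 and 12; the `setup-node` step passes because its reference is a full SHA, and the local and `docker://` steps are out of scope. Treating an allowlisted action referenced by tag as a finding is deliberate: `tj-actions/changed-files` was on many organizations' allowlists and was still compromised, because the tag moved. The allowlist here is a pre-merge check; the same policy can also be enforced at the repository or organization level through GitHub's setting that allows only selected actions and reusable workflows.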