bug: The GitHub Workflows are not protected against supply chain attacks #553
Description
Component
Other
Summary
The GitHub Workflows are not protected against supply chain attacks.
The recent supply chain attacks on Trivy, LiteLLM, Checkmarx KICS, and other popular projects have shown that vulnerable GitHub Actions can be used to exfiltrate GitHub Tokens and other sensitive data, such as API keys, from ENV variables.
To prevent exfiltration, we can use the free Harden-Runner GitHub Action from StepSecurity to allow egress traffic only to trusted domain names and ports.
I will create the PR to run the egress audit by default, which will later allow only the domain names used by GitHub Actions by restricting the other untrusted domain names.
Latest supply chain attacks:
Trivy: https://www.stepsecurity.io/blog/trivy-compromised-a-second-time---malicious-v0-69-4-release
LiteLLM: https://www.stepsecurity.io/blog/litellm-credential-stealer-hidden-in-pypi-wheel
Checkmarx KICS: https://www.stepsecurity.io/blog/checkmarx-kics-github-action-compromised-malware-injected-in-all-git-tags
Reproduction steps
In case you run a GitHub Action that has been hacked, as with Trivy, or a future version of the GitHub Actions you already use in your workflows, the GITHUB_TOKEN and all the other ENV variables can be sent to a malicious URL.
With the GITHUB_TOKEN, a malicious actor can release a new version of Mistral Vibe that includes a crypto-mining library, a credential stealer, and other malicious components.
Versions / environment
All releases
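The two phases proposed in this issue (audit egress first, then allow only trusted endpoints), sketched as an added example; it is not the issue author's or the project's workflow. The workflow name, job names, build step and endpoint list are assumptions, and the real allowlist has to come from what the audit run reports.

```yaml
# Hypothetical workflow file; names and the endpoint list are illustrative.
name: ci-hardened-example

on: [push, pull_request]

# Added here beyond the issue text: a read-only GITHUB_TOKEN limits what a
# compromised step could do with the token even before egress is restricted.
permissions:
  contents: read

jobs:
  # Phase 1: audit only. Outbound connections are recorded, nothing is blocked.
  build-audit:
    runs-on: ubuntu-latest
    steps:
      # Harden-Runner must be the first step so that it observes every later step.
      # In practice pin each action to a full commit SHA instead of a movable tag.
      - uses: step-security/harden-runner@v2
        with:
          egress-policy: audit
      - uses: actions/checkout@v4
      - run: echo "build and test steps go here"   # placeholder step

  # Phase 2: block. Only the endpoints seen during the audit phase are allowed;
  # a step trying to post secrets to any other host has its connection refused.
  build-block:
    runs-on: ubuntu-latest
    steps:
      - uses: step-security/harden-runner@v2
        with:
          egress-policy: block
          # Assumed allowlist: replace with the endpoints reported by the audit run.
          allowed-endpoints: >
            github.com:443
            api.github.com:443
      - uses: actions/checkout@v4
      - run: echo "build and test steps go here"   # placeholder step
```

Only one of the two jobs would exist at a time: the audit job is replaced by the block job once the audit reports show a stable set of endpoints.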