We've recently released open-source tools that would have easily prevented this, before anything runs or added to any pipeline:
1. The maintainers could have used PRevent to immediately alert and block any PR containing malicious code, or easily configured it for detection in case of a direct push: https://github.com/apiiro/PRevent
2. Users could have used our malicious code detection ruleset to immediately detect and block it when scanning updates in all relevant CI/CD stages: https://github.com/apiiro/malicious-code-ruleset
netvarun|11 months ago
https://www.stepsecurity.io/blog/harden-runner-detection-tj-...
moyer|11 months ago
mgiladi|11 months ago
1. The maintainers could have used PRevent to immediately alert and block any PR containing malicious code, or easily configured it for detection in case of a direct push: https://github.com/apiiro/PRevent
2. Users could have used our malicious code detection ruleset to immediately detect and block it when scanning updates in all relevant CI/CD stages: https://github.com/apiiro/malicious-code-ruleset
3. For a better understanding of the detection, the malicious code falls precisely into the patterns presented in our research: https://apiiro.com/blog/guard-your-codebase-practical-steps-...
unknown|11 months ago
[deleted]
unknown|11 months ago
[deleted]
v1sionSec|11 months ago
[deleted]