From Self-Hosted GitHub Runner to Self-Hosted Backdoor

Living off the pipeline

Supply Chain Security Research - Living Off The Pipeline tools

Leaking Secrets From GitHub Actions: Reading Files And Environment Variables, Intercepting Network/Process Communication, Dumping Memory

Leaking secrets from vulnerable GitHub Actions workflows is possible via several methods: reading files/environment variables, intercepting communication, and dumping runner memory

How We Discovered Vulnerabilities in CI/CD Pipelines of Popular Open-Source Projects

Extracting all repository and organization secrets in GitHub Actions

The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree

A novel GitHub Actions worm exploits the action dependency tree. Attackers compromise an action, then infect dependent actions via branch pushes or tag overwrites, spreading malware recursively