[Open-Source Tool] Detect & Mitigate GitHub Actions Supply Chain Attack (tj-actions/changed-files) #882
NaveRazy-Navina asked this question in Ideas (unanswered, 0 replies)
🚨 GitHub Actions Supply Chain Attack Detection Tool
On March 15, 2025, the popular GitHub Action tj-actions/changed-files was compromised, potentially exfiltrating secrets from thousands of CI/CD pipelines. To help teams quickly detect and mitigate the impact, we developed an automated scanner that:
✅ Finds all affected repositories in an organization.
✅ Identifies workflows using tj-actions/changed-files.
✅ Extracts CI/CD logs & scans for leaked secrets (double Base64 encoding detection).
✅ Logs findings for remediation.
🔧 Tool Link: GitHub Actions Security Scanner
🛠 How to Use:
Set your org name in the file.
Security Recommendations:
🚨 If secrets were leaked, rotate all credentials immediately (GitHub tokens, AWS keys, DB credentials).
🔐 Use SHA-pinned GitHub Actions to prevent supply chain attacks.
🛑 Restrict external actions using GitHub’s allow-list feature.
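As an added illustration of the two checks described above (finding workflows that reference tj-actions/changed-files without a SHA pin, and spotting double-Base64-encoded strings in CI logs), here is a small Python example. It is not the scanner's own code; the workflow snippet and log lines are constructed inline, and the secret value is a placeholder.

```python
import base64
import binascii
import re

# Constructed sample workflow (not from any real repository).
SAMPLE_WORKFLOW = """
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45
      - uses: tj-actions/changed-files@0123456789abcdef0123456789abcdef01234567
"""

# Constructed log lines; the second carries a double-Base64 blob built
# inline (placeholder value, not a real credential), the third is encoded once.
DOUBLE = base64.b64encode(base64.b64encode(b"AWS_KEY=EXAMPLE-VALUE-ONLY")).decode()
SINGLE = base64.b64encode(b"plain text, encoded once").decode()
SAMPLE_LOG = ["Run tj-actions/changed-files@v45", "##[debug] " + DOUBLE, SINGLE, "Done."]

USES_RE = re.compile(r"uses:\s*([\w.-]+/[\w.-]+)@(\S+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
B64_RE = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")

def list_uses(workflow_text):
    """Every third-party action reference as (action, ref, is_sha_pinned)."""
    return [(a, r, bool(SHA_RE.match(r))) for a, r in USES_RE.findall(workflow_text)]

def unpinned_changed_files(workflow_text):
    """Refs of tj-actions/changed-files that float on a tag or branch, not a SHA."""
    return [r for a, r, pinned in list_uses(workflow_text)
            if a == "tj-actions/changed-files" and not pinned]

def decode_double_base64(token):
    """Return the plaintext if token is Base64 applied twice, else None."""
    try:
        plain = base64.b64decode(base64.b64decode(token, validate=True), validate=True)
        text = plain.decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None

def scan_log(lines):
    """(line_no, decoded_text) for every token that survives two strict decodes."""
    hits = []
    for n, line in enumerate(lines, 1):
        for tok in B64_RE.findall(line):
            text = decode_double_base64(tok)
            if text:
                hits.append((n, text))
    return hits
```

A single-encoded token fails the second strict decode (spaces and punctuation are not Base64 alphabet), which is what keeps ordinary Base64 output in logs from being reported.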
💡 Looking for feedback & contributions!
➡️ Have ideas to improve it? PRs are welcome! GitHub Repo
🔁 Please share with your DevSecOps teams to prevent further exploitation!