Grafana Labs recently detected a security incident involving a vulnerability in a GitHub workflow that allowed unauthorized access to a limited number of tokens; those tokens have since been invalidated. The incident was identified when a canary token was triggered, which prompted an immediate investigation by the security team. The attacker forked a repository and used the fork to inject malicious code into a workflow run and extract tokens from it. No customer data or production systems were compromised. Grafana Labs responded by removing the affected GitHub Action, disabling workflows on public repositories, rotating the exposed tokens, and auditing their internal workflows for the same class of weakness. The company is also strengthening its CI/CD security controls and has launched a full audit of access logs to confirm containment. They ask that security issues be reported through their dedicated security page and that reporters withhold public disclosure until a fix has been announced. Security updates and remediations are published on their blog.
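The page does not name the affected Action or the exact workflow trigger, so the following is an added illustration of the general class of weakness the incident describes, not Grafana Labs' code or tooling: a workflow that runs on pull requests from forks while holding repository secrets, and that checks out and executes the fork's code. The audit function below is the kind of check an "audit our internal workflows" step would run over a repository's `.github/workflows/` directory. The two sample workflows are constructed for this example, the `pull_request_target` plus head-checkout pattern is an assumption about the mechanism (the page only says a fork was used to inject code and extract tokens), and the function names are hypothetical.

```python
"""Heuristic audit of GitHub Actions workflow files for the "fork PR runs with
secrets" pattern. Added example, not Grafana Labs' tooling; the trigger and
checkout pattern it looks for is an assumption about the general class of bug."""
import re

# Constructed sample: runs on pull_request_target (base-repo context, secrets
# available), checks out the fork's code, then executes it with a secret in env.
RISKY_WORKFLOW = """\
name: ci
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm ci && npm test
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
"""

# Constructed sample: plain pull_request trigger. Fork PRs run in the fork's
# context with no repository secrets, so executing the PR code is acceptable.
SAFE_WORKFLOW = """\
name: ci
on:
  pull_request:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test
"""

PR_HEAD_REF = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)")
SECRET_USE = re.compile(r"secrets\.[A-Za-z_][A-Za-z0-9_]*")


def find_triggers(text):
    """Return the set of event names under the top-level 'on:' key.

    Handles 'on: push', 'on: [push, pull_request_target]' and the block form.
    Line-oriented on purpose so it needs no YAML dependency; good enough for
    the trigger block of real workflow files."""
    lines = text.splitlines()
    triggers = set()
    for i, line in enumerate(lines):
        m = re.match(r"^on:\s*(.*)$", line)
        if not m:
            continue
        inline = m.group(1).strip()
        if inline:
            triggers.update(t.strip() for t in inline.strip("[]").split(",") if t.strip())
            break
        base = None
        for nxt in lines[i + 1:]:
            if not nxt.strip() or nxt.lstrip().startswith("#"):
                continue
            if not nxt.startswith((" ", "\t", "-")):
                break  # next top-level key
            indent = len(nxt) - len(nxt.lstrip())
            base = indent if base is None else base
            s = nxt.strip()
            if s.startswith("- "):
                triggers.add(s[2:].strip())
            elif indent == base and re.match(r"^[a-z_]+:", s):
                triggers.add(s.split(":", 1)[0])
        break
    return triggers


def audit_workflow(text):
    """Return a list of findings for one workflow file (empty means nothing flagged)."""
    findings = []
    if "pull_request_target" not in find_triggers(text):
        return findings
    checks_out_pr = bool(PR_HEAD_REF.search(text))
    uses_secrets = bool(SECRET_USE.search(text))
    if checks_out_pr and uses_secrets:
        findings.append("HIGH: pull_request_target checks out PR head and exposes secrets "
                        "to code the fork controls")
    elif checks_out_pr:
        findings.append("MEDIUM: pull_request_target checks out PR head; GITHUB_TOKEN "
                        "is still in scope for the fork's code")
    else:
        findings.append("INFO: pull_request_target in use; review any step that "
                        "consumes PR-controlled data (title, body, branch name)")
    return findings


if __name__ == "__main__":
    for name, wf in (("risky", RISKY_WORKFLOW), ("safe", SAFE_WORKFLOW)):
        print(name, audit_workflow(wf) or ["no findings"])
```

The heuristic deliberately errs toward reporting: `pull_request_target` alone is flagged at INFO because the dangerous part is not the trigger but executing anything the fork controls while secrets are reachable. Disabling workflows on public repositories, as described above, is the blunt version of the same control; rotating any token a flagged workflow could have read is the necessary follow-up, since the audit only tells you which workflows could have leaked, not whether one already did.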