
Risks to CI/CD Secrets in Over 23,000 Repositories and Implications for Software Supply Chain Security

Blog post from SSOJet

Post Details
Author: Rajveer Singh
Word count: 547
Company posts that month: 87
Language: English
Summary

The compromise of the tj-actions/changed-files GitHub Action, which affected over 23,000 repositories, underscores critical weaknesses in software supply chains, especially in CI/CD workflows. The attackers altered the action's code and moved its existing version tags to point at the malicious commit, so every workflow that referenced the action by tag pulled the compromised code and exposed sensitive CI/CD secrets such as AWS access keys and GitHub Personal Access Tokens. The incident, detected on March 14, 2025, prompted GitHub to remove the compromised action from the marketplace; it was later restored to a secure state. Organizations affected by the breach are urged to audit their workflows, rotate exposed credentials, and monitor pipelines for suspicious activity. Recommended mitigations include pinning dependencies to immutable references, implementing runtime monitoring, restricting workflow permissions, and conducting regular security audits to prevent similar attacks. For further guidance, organizations are advised to explore resources and services such as those offered by SSOJet for strengthening security measures and managing user authentication securely.
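The two mitigations the post leads with, pinning action references and restricting workflow permissions, can be checked mechanically. The following is an added example, not code from the post or from SSOJet: it scans a constructed workflow file, classifies each `uses:` reference as pinned to a full commit SHA (immutable) or to a tag or branch (which a tag-retargeting compromise like the one described can redirect), and reports whether a workflow-level `permissions:` block is present. The sample SHA is a made-up value.

```python
import re

# Constructed sample workflow (not from the post). The checkout SHA is a
# made-up 40-hex value; the changed-files step uses a floating tag.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: tj-actions/changed-files@v1
      - uses: ./.github/actions/local-step
"""

USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")  # the `uses:` target
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")          # immutable commit pin


def audit_workflow(yaml_text):
    """Return (line_no, action, ref, status) for every `uses:` line.
    status: "sha" = full commit SHA; "mutable" = tag/branch that upstream
    can move; "unpinned" = no @ref; "local" = ./path or docker://, skipped.
    """
    findings = []
    for n, line in enumerate(yaml_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        target = m.group(1)
        if target.startswith(("./", "docker://")):
            findings.append((n, target, None, "local"))
        elif "@" not in target:
            findings.append((n, target, None, "unpinned"))
        else:
            action, ref = target.rsplit("@", 1)
            status = "sha" if FULL_SHA_RE.match(ref) else "mutable"
            findings.append((n, action, ref, status))
    return findings


def mutable_refs(yaml_text):
    """Only the references that a retargeted tag or branch could redirect."""
    return [f for f in audit_workflow(yaml_text) if f[3] in ("mutable", "unpinned")]


def has_top_level_permissions(yaml_text):
    """True if a workflow-level `permissions:` block scopes the GITHUB_TOKEN."""
    return any(line.startswith("permissions:") for line in yaml_text.splitlines())
```

Run over `.github/workflows/*.yml`, anything returned by `mutable_refs` is a candidate for replacement with a full commit SHA, and a workflow without a top-level `permissions:` block inherits the repository default token scope.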

Trends Found in this Post

Trend               Post Mentions   Total Month Mentions   Posts   Companies   MoM
Secrets Management  6               1,233                  139     73          +105%
Real-time           1               4,629                  997     226         +44%