On 3/15/25 14:03, Mark Esler wrote:
On March 14 2025 at 16:57:45 UTC the tj-actions/changed-files GitHub action was
compromised with commit 0e58ed8 ("chore(deps): lock file maintenance (#2460)").
This commit was added to all 361 tagged versions of the GitHub action. This
malicious commit results i
Evan (CC'd) wrote tooling to detect tj-actions/changed-files compromises over
the weekend.
tj-scan is now public and aims to help others review logs from their private
and public repos for leaked credentials.
https://github.com/chainguard-dev/tj-scan
Mark
On Sat, Mar 15, 2025 at 12:03 PM Mark