step-security · Crawled Jul 5, 2026

StepSecurity Maintained Actions Are Now Free for Public Repos


AI Summary

In March 2025, the tj-actions/changed-files GitHub Action, used by over 23,000 repositories, was compromised in a supply chain attack that exfiltrated CI/CD secrets via malicious code injected through tampered version tags. StepSecurity detected the incident using its Harden-Runner tool and provided a secure, drop-in replacement, step-security/changed-files, which has since been adopted by thousands of projects. This event highlighted the risks of relying on unmaintained third-party GitHub Actions and led StepSecurity to make its catalog of 500+ maintained, security-hardened actions freely available for public repositories to improve overall CI/CD security across the open-source ecosystem.

AI-extracted · verify before operational use


Indicators of Compromise (2 extracted)

Type         Value                       Detail
GitHub Repo  tj-actions/changed-files    Compromised action (malicious code injected via tampered version tags)
GitHub Repo  step-security/changed-files Drop-in replacement maintained by StepSecurity
