As the repo is was taken down is someone able to tell me when was the malicious commit pushed. Trying to get a timeline to see if any workflows using this action were trigger in that timeframe. Thank you
Readit NewsDead Comment
v1sionSec commented on Tj-actions/changed-files GitHub Action Compromised – used by over 23K repos stepsecurity.io/blog/hard... · Posted by u/varunsharma07
Your secrets will be published to the CI log if you were affected.
I believe it's everything since around 10pm ET last night. I would consider any runs in the past 24 hours to be suspect.
Thank you, unfortunately we have a multiple of repositories with multiple runs that use this action so checking the logs one by one will be hard. Any idea how to get all logs?
Thank you
Dead Comment