Supply Chain Security and the Real World:

Lessons from Incidents

​

Adrian Mouat

Technical Community Advocate

Chainguard

• picture of stats, CVE reports

​

3

4

5

6

7

8

9

10

11

12

13

Adrian Mouat

• DevRel Engineer at Chainguard
• Wrote "Using Docker" for O'Reilly

​

• adrian@chainguard.dev
• https://bsky.app/profile/adrianmouat.com
• https://www.linkedin.com/in/adrianmouat/
• https://x.com/adrianmouat

14

Incident 1

CodeCov

June 2021

​

15

17

NEVER do this!

FROM debian

COPY mysecret ./

RUN curl -H 'Authorization: Bearer \

$(cat mysecret)' https://api.example.com

RUN rm mysecret

18

Instead

FROM debian

RUN --mount=type=secret,id=mysec \

curl -H 'Authorization: Bearer \

$(cat /run/secrets/mysec)' \

https://api.example.com

​

$ docker build --secret id=mysec,src=./mysecret .

19

20

bash <(curl -s https://codecov.io/bash)

21

Not totally awful...

• Uses https
• pretty sure it is from codecov
• unlikely mitm
• No sudo
• But really want checksum and/or GPG check
• What if the transfer is interrupted?

22

What to do with these

• Split download and exec steps
• Take a look at code
• Add in checksum for automation
• (or GPG if available)

​

23

Using Checksums

ENV REDIS_DOWNLOAD_URL http://download…redis-7.4.2.tar.gz

ENV REDIS_DOWNLOAD_SHA \

4ddebb…9767dd89dbe712d2b68e808af6a1f

RUN wget -O redis.tar.gz "$REDIS_DOWNLOAD_URL"

RUN echo "$REDIS_DOWNLOAD_SHA *redis.tar.gz" \

| sha256sum -c -

24

Using GPG

Redis Dockerfile good example

​

wget -O /usr/local/bin/gosu.asc "$url.asc"

wget -O /usr/local/bin/gosu "$url"

gpg --batch --keyserver hkps://keys.openpgp.org \

--recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4

gpg --batch --verify /usr/local/bin/gosu.asc \

/usr/local/bin/gosu

25

For Distributing Software

• Put it on a Package Manager
• e.g. homebrew tap
• Provide checksums and signatures
• typically on releases page

26

27

28

Secrets and Environment Variables

​

​

• Generally not a great idea
• Too easily shared
• Accidentally printed in logs

​

29

Secrets and Environment Variables

​

​

• Prefer
• Identity Federation
• Using a Secret Manager
• Temporary files
• secret volumes in k8s

​

30

Incident 2

ChangedFiles

Mar 2025

​

31

tj-actions/changed-files

• GitHub Action modified to leak secrets in logs
• All users of latest version affected
• How were they compromised?

32

​

​

Like all the best stories, it has a (review)dog

33

Photo by charlesdeluvio on Unsplash

reviewdog

• Had automated invites for contributors!
• A PAT for an account was compromised
• Code committed that dumped secrets
• Tags modified to point to malicious commit

34

35

36

Verify Contributors & Contributions

• Hard to vet people
• But automated workflows set you up as a target
• probably A Bad Idea™
• Enforce commit signing
• Run checks for malware
• malcontent

​

37

Restrict Tag Updates

• Use rulesets to stop tags being updated
• Also check your GitHub security configuration

38

Pin Actions to Digests

- uses: chainguard-dev/digestabot@v1.2.2

- uses: chainguard-dev/digestabot@432222…1c95ce2cedac # v1.2.2

• Won't immediately use new version
• But still not perfect
• probably use dependabot to automatically update
• will you really spot the change?
• Also do this for container images

39

Avoid Long-Lived Credentials

• Prefer identity federation
• And short-lived tokens
• And/or revoke credentials on completion
• OIDC
• Chainguard created OctoSTS to replace PATs with short-lived tokens
• https://github.com/apps/octo-sts

40

Incident 3

Shai-Hulud

Sep 2025

​

41

Shai-Hulud

• 500+ NPM Packages compromised
• and GitHub repos
• "Worm" behaviour
• each compromise published further hacked packages
• Forced GitHub to take action
• stopped packages being pushed with IoC

42

Exfiltration

• Made public copies of private repos
• Used trufflehog to identify secrets
• API keys and tokens
• Sent secrets to webhook SaaS
• on free tier so got rate limited!
• still exposed in workflow log

​

43

44

Friends don't let friends publish from a laptop

45

Trusted Publishing

• Don't have NPM tokens!
• Or cargo, PyPI
• OIDC based
• short-lived and tightly scoped tokens
• Works with GitHub, GitLab etc

46

Trusted Publishing

• Configure via NPM/PyPI/Cargo etc
• Example from PyPI

47

Trufflehog

• Legitimate tool
• Scans for secrets
• Use it!
• Or the attackers will

48

Multi Factor Authentication (MFA)

• Do I really need to explain
• Enforce on GitHub & NPM etc
• Buy keys for your devs

49

Wrap Up

​

50

Recap

• Be careful with secrets in container builds
• Verify downloads
• Avoid secrets in environment variables
• Verify contributors and contributions
• Pin actions (and images) to digests
• Avoid long-lived credentials
• Check GitHub Security Config
• Enforce MFA

51

Tooling

• Octo STS (Get rid of GitHub PATs)
• trufflehog (Don't check secrets into Git)
• dependabot/renovate (Keep everything up to date)
• digestabot/frizbee (Pin images and actions to digests)
• yubikey and signed commits (Verify commit provenance)
• malcontent (Identify malicious code or updates)
• grype (Identify known vulnerabilities)
• sigstore (Sign artifacts)

52

"If all ransomware groups suddenly became cybersecurity specialists, and those who are now cybersecurity specialists began pentesting networks, the ransomware would end."

​

wazawaka

53