Most of the time, compromised dependencies and build tools make outbound requests. This GitHub Action monitors the GitHub-hosted runner for outbound requests and allows setting a policy to block based on allowed endpoints.

More details at: Introducing Harden-Runner: GitHub Action to prevent supply chain attacks: https://blog.stepsecurity.io/introducing-harden-runner-github-action-to-prevent-supply-chain-attacks-91a030b67a77
Bypass idea 1: exfiltrate data to known hosts. For example, "github.com" is likely whitelisted - so post stolen credentials as an issue comment in a little-known repository? Or maybe push the stolen data to some repo?

Bypass idea 2: before exfiltrating data, stop (or somehow mess with) the agent. After all, both github actions and user code have the same permissions on the runner.