PANews reported on March 23 that SlowMist's Yuxian tweeted that attackers had used the GitHub Actions CI/CD mechanism to mount a supply chain attack against Coinbase. Fortunately, the attack did not go any further; otherwise the next security incident to be exposed would have been Coinbase's. The supply chain attack path on GitHub:

reviewdog/action-setup -> tj-actions/changed-files -> coinbase/agentkit -> theft of GitHub Personal Access Tokens (PATs), cloud service keys, etc.

In this regard, Yuxian recommends that companies using reviewdog or tj-actions conduct self-inspections.
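The self-inspection recommended above starts with an inventory: which workflows reference reviewdog or tj-actions, and whether any third-party action is referenced by a mutable tag or branch instead of a full commit SHA (a tag can be moved to malicious code, a 40-character SHA cannot). The script below is an added example written for this article, not code from SlowMist, PANews, or any of the projects named; it assumes workflows live under `.github/workflows/`, matches `uses:` lines with a regular expression rather than a YAML parser, and the sample workflow and its SHA are constructed for illustration.

```python
import re
from pathlib import Path

# Action namespaces named in the report; any reference to them is worth a look.
WATCHED_OWNERS = ("reviewdog/", "tj-actions/")

# Matches "uses: owner/repo@ref" and "uses: owner/repo/sub/path@ref" (quoted or not).
# Local actions ("uses: ./path") and docker:// references carry no "@ref" and are skipped.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^@'\"\s]+)@([^'\"\s#]+)", re.MULTILINE)

# A full 40-hex commit SHA is the only immutable reference form.
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(text, path="<inline>"):
    """Return a list of findings for the text of one workflow file."""
    findings = []
    for m in USES_RE.finditer(text):
        action, ref = m.group(1), m.group(2)
        line_no = text.count("\n", 0, m.start()) + 1
        base = {"path": path, "line": line_no, "action": action, "ref": ref}
        if action.startswith(WATCHED_OWNERS):
            # One of the namespaces from the reported attack path.
            findings.append({**base, "issue": "watched-action"})
        if not FULL_SHA_RE.match(ref):
            # Tag or branch reference: the upstream can change what it points to.
            findings.append({**base, "issue": "mutable-ref"})
    return findings


def audit_repo(root):
    """Audit every workflow file under <root>/.github/workflows."""
    wf_dir = Path(root) / ".github" / "workflows"
    files = sorted(list(wf_dir.glob("*.yml")) + list(wf_dir.glob("*.yaml")))
    findings = []
    for p in files:
        findings.extend(audit_workflow(p.read_text(encoding="utf-8"), str(p)))
    return findings


# Constructed sample workflow (hypothetical repo; the SHA below is a placeholder, not a real commit).
SAMPLE_WORKFLOW = """name: ci
on: [pull_request]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - name: Changed files
        uses: tj-actions/changed-files@v45
      - uses: reviewdog/action-setup@v1
        with:
          reviewdog_version: latest
      - uses: ./.github/actions/local-thing
"""


if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW, "sample.yml"):
        print(f"{f['path']}:{f['line']}: {f['issue']:14} {f['action']}@{f['ref']}")
```

Run it against a checkout with `audit_repo(".")`; every `mutable-ref` finding is a candidate for pinning to the full commit SHA of the version actually reviewed, and every `watched-action` finding is a workflow whose run logs and any secrets exposed to it deserve a closer look.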