Case Study: Bazel Defends Against a CI/CD Supply Chain Vulnerability with StepSecurity

A StepSecurity Case Study


The maintainers of the Bazel open-source project wanted to defend the CI/CD pipelines in their GitHub Actions workflows against supply chain attacks before one happened. The concrete problem was a command injection vulnerability in their workflows that, if exploited, could have been used to steal credentials and compromise the build system.

StepSecurity addressed this with its Harden-Runner solution, which was deployed to monitor and log every outbound DNS lookup and network connection made from the project's runners. The resulting egress logs gave the maintainers the visibility and forensic record they needed, and showed no sign that the vulnerability had been exploited in the monitored runs. One caveat applies to any such finding: the logs only cover workflow runs after monitoring was switched on, so they say nothing about earlier runs. StepSecurity's platform also helped the project apply minimum GITHUB_TOKEN permissions to its workflows, so that even a successful injection would hold only read-only credentials, significantly reducing the potential impact of such an attack on this widely used software.
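The two controls described above, least-privilege GITHUB_TOKEN permissions and Harden-Runner egress monitoring, are both declared in the workflow file. The workflow below is an added illustration, not Bazel's or StepSecurity's own workflow; the case study does not say which workflow or which input was affected, so the untrusted-input step, the `ci/build.sh` script, and the endpoint list are assumptions chosen for the example. The `egress-policy` and `allowed-endpoints` inputs are Harden-Runner's documented inputs; the `@v2` tag stands in for the commit SHA a workflow should pin to.

```yaml
# Added example, not Bazel's or StepSecurity's own workflow.
name: ci
on:
  pull_request:
  issue_comment:
    types: [created]

# Least-privilege default for GITHUB_TOKEN: every job gets read-only
# repository access unless it explicitly requests more.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # Harden-Runner runs first so it observes the egress of every later
      # step, including checkout. "audit" logs outbound DNS and network
      # calls without blocking; change to "block" once the endpoint list
      # (assumed here) is known to be complete.
      - uses: step-security/harden-runner@v2   # pin to a commit SHA in practice
        with:
          egress-policy: audit
          allowed-endpoints: >
            github.com:443
            api.github.com:443
            objects.githubusercontent.com:443

      - uses: actions/checkout@v4

      # Untrusted event data is handed to the shell through an environment
      # variable and expanded at runtime. Writing ${{ github.event.comment.body }}
      # directly inside `run:` would splice attacker-controlled text into the
      # script before the shell sees it, which is the command-injection
      # pattern in Actions workflows (shown here as the general class, not as
      # the specific flaw the case study refers to).
      - name: Log the triggering comment safely
        if: github.event_name == 'issue_comment'
        env:
          COMMENT_BODY: ${{ github.event.comment.body }}
        run: |
          printf 'Triggered by comment: %s\n' "$COMMENT_BODY"

      - name: Build
        run: ./ci/build.sh   # hypothetical build script
```

With `egress-policy: audit`, any connection to a host outside the list appears in the run's Harden-Runner report rather than being blocked, which is the mode that produced the forensic data the case study describes; `block` turns the same list into an enforced allowlist, so a stolen token could not be exfiltrated to an unlisted host.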
