Skip to content

Enable Tracebit Community Edition Canaries for GitHub Workflows#23

Merged
dreadn0ught merged 1 commit into
mainfrom
_gh_integration-b3496b2ea95243d493b5d2a8f6795074
Jun 12, 2026
Merged

Enable Tracebit Community Edition Canaries for GitHub Workflows#23
dreadn0ught merged 1 commit into
mainfrom
_gh_integration-b3496b2ea95243d493b5d2a8f6795074

Conversation

@tracebit-community-edition

Copy link
Copy Markdown
Contributor

What this PR does

Adds the Tracebit Community Edition action to your GitHub Actions workflows. The action issues short-lived AWS credentials and SSH keys to each job; if any of those credentials are ever used, Tracebit will alert you.

Goal

Cover 100% of your workflows so supply chain compromise of your GitHub Actions is detected.

Before merging

Make sure the SECURITY_API_TOKEN secret is set on this repository (or at the organization level), otherwise the action cannot issue credentials.

For more information return to the Tracebit Community Edition portal.

@osspreyqa

osspreyqa Bot commented May 15, 2026

Copy link
Copy Markdown

SBOM submitted! Check the Ossprey platform: https://dashboard.ossprey.com/asset/?id=ossprey%2Fossbom

@osspreyqa

osspreyqa Bot commented May 15, 2026

Copy link
Copy Markdown

Warning! Potential malware in this PR. Please review the vulnerability report.

@dreadn0ught dreadn0ught merged commit cc8e0e3 into main Jun 12, 2026
1 check failed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant