Attack Simulations
Harden-Runner is built on key learnings from past software supply chain breaches. You can learn more about these learnings in the step-security/attack-simulator open-source project. The following table lists the countermeasures Harden-Runner implements to defend against the malicious patterns that led to major industry-impacting breaches.
No. | Countermeasure | Threat |
---|---|---|
1. | Block outbound calls that are not in the allowed list to prevent exfiltration of credentials | To prevent the Codecov breach scenario |
2. | Detect if source code is being overwritten during the build process to inject a backdoor | To detect the SolarWinds incident scenario |
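
The first countermeasure in the table comes down to an allowlist decision on every outbound connection a job makes. The following is an added example, not Harden-Runner's own code, that applies a `host:port` allowlist to a constructed list of observed outbound calls and returns the ones a blocking policy would deny. The endpoint names, the subdomain wildcard rule and all function names are assumptions of this example.

```python
from typing import NamedTuple


class Endpoint(NamedTuple):
    host: str
    port: int


def parse_allowlist(text: str) -> set:
    """Parse whitespace-separated host:port entries into Endpoint values."""
    allowed = set()
    for entry in text.split():
        host, sep, port = entry.rpartition(":")
        if not sep or not host or not port.isdigit():
            raise ValueError(f"malformed allowlist entry: {entry!r}")
        allowed.add(Endpoint(host.lower().rstrip("."), int(port)))
    return allowed


def is_allowed(host: str, port: int, allowed: set) -> bool:
    """Default deny: a call passes only if host and port both match an entry."""
    host = host.lower().rstrip(".")  # normalise case and a trailing root dot
    for entry in allowed:
        if entry.port != port:
            continue
        if entry.host == host:
            return True
        # Assumption of this example: "*.example.org" covers subdomains only.
        if entry.host.startswith("*.") and host.endswith(entry.host[1:]):
            return True
    return False


def review_egress(observed, allowed):
    """Return the observed (step, host, port) calls that would be denied."""
    return [c for c in observed if not is_allowed(c[1], c[2], allowed)]


# Constructed sample data: an allowlist and calls observed during one job.
ALLOWLIST = "github.com:443 api.github.com:443 *.pkg.example.org:443"
OBSERVED = [
    ("checkout", "github.com", 443),
    ("install", "cdn.pkg.example.org", 443),
    ("upload-coverage", "collector.unknown.example", 443),  # not allowlisted
    ("install", "github.com", 80),  # allowlisted host, wrong port
]

if __name__ == "__main__":
    for step, host, port in review_egress(OBSERVED, parse_allowlist(ALLOWLIST)):
        print(f"DENY step={step} dest={host}:{port}")
```

Matching on the port as well as the host means an allowlisted name reached over an unexpected port is still denied.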
Read this case study on how Harden-Runner detected malicious packages in the NPM registry.