Skip to main content

Attack Simulations

Harden-Runner is built based on key learnings of the past software supply chain breaches. You can learn more about these learnings at step-security/attack-simulator open-source project. The following table lists countermeasures implemented by Harden-Runner to defend against malicious patterns that led to major industry-impacting breaches.

1.Block outbound calls that are not in the allowed list to prevent exfiltration of credentialsTo prevent Codecov breach scenario
2.Detect if source code is being overwritten during the build process to inject a backdoorTo detect SolarWinds incident scenario
3.Detect compromised dependencies that make unexpected outbound network callsTo detect Dependency confusion

Read this case study on how Harden-Runner detected malicious packages in the NPM registry.