Weekly Security Roundup: CI/CD Trust, Secrets, and Data Controls

This week's security story centered on CI/CD trust and identity/data control. A real supply-chain compromise hit developer pipelines, while GitHub and Microsoft shared concrete steps to reduce drift: dependency locking, tighter secret scope, faster feedback, and more platform-enforced policy. It also continues last week's theme: defenders are adding guardrails to default paths (dependency installs, workflow triggers, org rollouts) where attackers keep showing up.

GitHub Actions supply-chain defense: from a real compromise to platform-level hardening

Microsoft's incident guidance on the Trivy supply-chain compromise was the most urgent item. A malicious Trivy binary (called out as v0.69.4) and compromised actions (aquasecurity/trivy-action, aquasecurity/setup-trivy) were used to steal pipeline credentials. The attacker force-pushed version tags (76 of 77 tags for trivy-action, all 7 for setup-trivy) so workflows pinned to mutable tags like @v1 could silently run attacker code. On self-hosted runners, the payload performed broad discovery and secret harvesting (cloud env vars, AWS IMDS/ECS metadata endpoints, Kubernetes service account mounts and kubectl get secrets --all-namespaces -o json, scans for .env/YAML/JSON, webhook URLs, SSH logs, Vault/DB strings), packaged results (tpcp.tar.gz) with hybrid encryption (AES-256-CBC + RSA), and exfiltrated via HTTP POST to scan.aquasecurtiy[.]org, then ran the legitimate scan to keep jobs green. Mitigations: move to the listed safe versions (Trivy v0.69.2-v0.69.3, trivy-action v0.35.0, setup-trivy v0.2.6), pin third-party actions to verified commit SHAs, tighten GITHUB_TOKEN permissions, restrict allowed actions via org policy, and reduce runner secret exposure (ephemeral runners/clean environments, JIT secret retrieval). Microsoft also provided Defender Advanced Hunting KQL for indicators like the exfil domain, encryption commands, and runner artifact paths.

This context makes GitHub's Actions 2026 security roadmap read like a response to the same failure modes, extending last week's “shift checks earlier, govern rollouts” thread into workflow execution. GitHub plans workflow-level dependency locking via a dependencies: section that locks direct/transitive action dependencies to immutable commit SHAs plus cryptographic hashes, compared to Go's go.mod/go.sum. The intended flow is CLI-based: resolve dependencies, commit lock data, and update via re-resolve + diff review; jobs would fail if hashes mismatch, and composite actions would expose nested dependencies.

GitHub also plans rulesets for policy-driven workflow execution (who can trigger, which events are allowed), with examples like restricting workflow_dispatch and avoiding pull_request_target in favor of pull_request, plus an evaluate mode before enforcement. “Scoped secrets” would reduce implicit inheritance (notably with reusable workflows) by binding secrets to explicit contexts, and secret management is planned to move into a dedicated role instead of generic write access. Finally, GitHub is adding runner visibility/containment: an Actions Data Stream for near-real-time telemetry to Amazon S3 and Azure Event Hub/Azure Data Explorer, and a native Layer 7 egress firewall for GitHub-hosted runners with monitor/enforce modes designed to hold even if an attacker gets root in the runner VM. The through-line matches last week's security/observability direction: visibility plus enforceable boundaries under stress.
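A small check for the “pin third-party actions to verified commit SHAs” mitigation above, added here as an example and not part of Microsoft's or GitHub's own tooling: it scans workflow text for `uses:` references and flags any action resolved through a tag or branch (force-pushable, as the trivy-action tags were) rather than a 40-character commit SHA. The sample workflow and the SHA inside it are constructed placeholders.

```python
"""Flag GitHub Actions `uses:` references that are not pinned to a full commit SHA.

Tags and branches can be force-pushed, so only a 40-hex commit SHA counts as an
immutable pin; everything else is reported for review.
"""
import re

# Matches `uses: <ref>` step lines, with or without a leading list dash or quotes;
# the reference stops at whitespace, a quote, or a trailing `# comment`.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?(?P<ref>[^'\"\s#]+)", re.MULTILINE)
FULL_SHA_RE = re.compile(r"^[0-9a-fA-F]{40}$")


def classify_ref(uses):
    """Return (action, ref, status); status is 'sha', 'mutable', 'local' or 'docker'."""
    if uses.startswith("./"):
        return uses, None, "local"        # same-repo action, covered by branch protection
    if uses.startswith("docker://"):
        return uses, None, "docker"       # image pinning (digests) is a separate check
    action, _, ref = uses.partition("@")
    if not ref:
        return action, "", "mutable"      # no ref at all resolves to the default branch
    if FULL_SHA_RE.match(ref):
        return action, ref, "sha"
    return action, ref, "mutable"         # tag or branch name: can be moved by its owner


def find_unpinned(workflow_text, trusted_owners=frozenset()):
    """List (action, ref) for every action not pinned to a SHA, skipping trusted owners."""
    findings = []
    for match in USES_RE.finditer(workflow_text):
        action, ref, status = classify_ref(match.group("ref"))
        if status == "mutable" and action.split("/")[0] not in trusted_owners:
            findings.append((action, ref))
    return findings


# Constructed sample workflow; the SHA below is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: scan
on: [pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4 (placeholder SHA)
      - uses: ./.github/actions/setup
      - uses: aquasecurity/setup-trivy@v0.2.6
      - name: Scan
        uses: "aquasecurity/trivy-action@0.35.0"
"""

if __name__ == "__main__":
    for action, ref in find_unpinned(SAMPLE_WORKFLOW):
        print(f"unpinned: {action}@{ref} -> replace the tag with the verified commit SHA")
```

Note that the “safe” tags named in the advisory (v0.35.0, v0.2.6) are still mutable references; the check reports them so they can be replaced with the commit SHA those tags currently point to.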

GitHub Code Security: faster PR scanning, broader detections, and more control over secret blocking

GitHub's app security updates focused on making checks faster in PRs while expanding coverage. Continuing last week's “earlier feedback with smoother rollout” theme, CodeQL PR scanning now uses incremental analysis by default for C#, Java, JavaScript/TypeScript, Python, and Ruby. It builds a CodeQL database for the PR diff, combines it with a cached full-repo database, and reports seven-day average speedups that are most noticeable in slower repos (JavaScript/TypeScript up to ~70% for >7-minute baselines; Python ~70%; Ruby ~63%). Constraints: it applies to the default query suite and “build mode none” extraction on github.com, and CodeQL CLI does not support the incremental flow yet.

GitHub is also preparing AI-powered security detections (public preview planned early Q2 2026) to complement CodeQL by covering ecosystems and file types that do not map cleanly to semantic SAST. Initial targets are Shell/Bash, Dockerfiles, Terraform (HCL), and PHP, with findings surfaced in the same PR experience as CodeQL. It tracks with last week's AI security operations framing: if teams rely on AI interpretation/remediation, signals must still be observable and governable in standard workflows. GitHub also plans to connect detections to Copilot Autofix so developers can review/apply suggestions in PRs and gate merges via policy enforcement.

Secret Scanning push protection gained a new policy surface: push protection exemptions can now be configured in a repository's settings, not only at org/enterprise level. This follows last week's central exemption controls by adding repo-level flexibility for the last mile of rollout. Repo admins can exempt Roles, Teams, and GitHub Apps so pushes are not blocked when secrets are detected, with an explicit tradeoff: exemptions are evaluated at push time and exempt pushes will not generate bypass requests, so teams should align exemptions with audit expectations.

Microsoft Fabric security: network controls, encryption keys, and Purview-driven data protection

Fabric's security updates added enforceable controls that do not require app rewrites, while expanding API support for automation and governance. It extends last week's Fabric/OneLake security direction: keep OneLake/Fabric as a consistent enforcement point as more tools and AI features touch data. Workspace-level IP firewall rules are now GA, allowing workspace admins to restrict inbound access via public IP allowlists once tenant admin enables it. Workspace scope matters: production can be locked to corporate egress IPs while dev stays flexible, layering with Private Link, Entra Conditional Access, outbound protection, and RBAC. This matters for CI/CD, notebooks, Spark, and external services calling Fabric APIs from controlled networks.

Customer-managed keys (CMK) for Fabric SQL Database are now GA, configured at the workspace level and integrated with TDE. Once enabled, TDE is automatically on for all SQL databases in that workspace (including tempdb), encrypting data, logs, and backups. Operational focus shifts to Key Vault lifecycle (permissions, rotation, audit), and the post includes verification via sys.dm_database_encryption_keys to confirm encryption_state_desc is ENCRYPTED (or in progress) and encryptor_type is ASYMMETRIC_KEY, consistent with Key Vault-backed protectors.

Data protection additions leaned into Purview integration. DLP “restrict access” for OneLake (Preview) expanded to structured OneLake stores (SQL databases, KQL databases, Warehouses), enabling policy-based detection to automatically restrict access across more of the estate. Sensitivity labels are now accessible via Fabric public REST APIs (GA) through Core Items APIs (label IDs surfaced in List/Get/Update and supported on Create), enabling automated inventory and compliant creation, though label updates still require admin bulk label APIs.

Purview Insider Risk Management added Fabric Lakehouse indicators (GA) and a faster IRM Data Theft policy creation path (GA), plus a PAYG usage report (GA) for processing-unit costs by workload/indicator. For teams using Fabric Copilot and data agents, Purview DSPM for AI (Preview) adds monitoring for sensitive info in prompts/responses with IRM investigation hooks and governance via audit/eDiscovery/retention, continuing last week's governance-and-observability pattern for day-to-day data work.

Other Security News

GitHub's supply-chain data and IR tooling became more actionable for day-to-day ops. GitHub Security Lab's 2025 open source vulnerability trends recommended using CVSS alongside EPSS to prioritize what is likely to be exploited soon, noted increased npm malware advisories, and tied that to Dependabot's ability to alert on known malicious npm package versions. This continues last week's Dependabot malware-aware additions and can help with tuning alert triage. GitHub also expanded the unauthenticated Credential Revocation API to support revoking exposed OAuth app tokens and GitHub App credentials (including refresh tokens) in bulk, with rate limits (60 requests/hour; up to 1,000 tokens/request) and audit visibility via the token owner's security log. This fits the “tighten trusted surfaces” theme from last week's token warnings: rotate/revoke quickly and do not treat token internals as stable contracts.