New comment by zhenjing in "Bitwarden CLI compromised in ongoing Checkmarx supply chain campaign"

zhenjing — Sat, 25 Apr 2026 08:46:30 +0000

I made a scanner(ActionPin) for the workflow patterns this compromise exposed.

ActionPin — a GitHub Actions hardening checker that flags unpinned third-party actions, overbroad workflow permissions, install scripts that touch secrets, and agent-triggered jobs that can reach production credentials. ActionPin host on github.

Hacker News: zhenjing

New comment by zhenjing in "Bitwarden CLI compromised in ongoing Checkmarx supply chain campaign"