v0.20.0

@github-actions github-actions released this 11 Jun 11:50
· 21 commits to main since this release

Integrity — scan your repos for the supply-chain worm

A read-only supply-chain integrity scan for the Shai-Hulud / Miasma class of attack: an implant pushed to repos you own that auto-runs the moment you open them in an AI editor (Claude / Cursor / Gemini / VS Code) or install them, then harvests credentials. The attack lives in the GitHub source, not the npm registry — so octoscope, already pointed at the repos you own, is the right place to see it.

Supply-chain integrity scan

On a Repos row, open the action menu (space) and pick Security scan (s). It matches the invariant of the attack, not a single payload filename (which rots the moment the worm renames its dropper), across three filename-agnostic axes:

  • Auto-execution surface — a data-driven catalog of ignition points: AI-agent / editor session hooks, devcontainer & package lifecycle scripts, CI workflows.
  • Blob anomaly — oversized, high-entropy or obfuscated payloads on a matched ignition file, whatever it's called.
  • Provenance anomaly — branch tips forged under a bot identity but not GitHub-signed, or unsigned against an otherwise genuinely-signed history.

Scoring is weighted and explainable: every finding carries the reason it fired, and no single axis reaches the high verdict tiers alone — so a healthy repo reads clean and a real implant reads likely compromised. The drill-in report shows the verdict, the scored findings, an inventory of every auto-executing file in the repo, and per-branch commit-tip provenance. When something's wrong it offers a read-only remediation panel: y copies a reset-not-revert fix script plus the OAuth-grant revoke links. octoscope never mutates the repository.
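To make the three-axis, capped, explainable scoring concrete, here is an added toy scorer. It is not octoscope's own code: the ignition catalog paths, the weights, the blob thresholds and the verdict tiers are all assumptions, and the provenance axis implements only the bot-identity-without-signature rule.

```python
import math
from fnmatch import fnmatch

# Constructed ignition-point catalog (assumed paths and weights, not octoscope's own).
# Ubiquitous / prompt-only surfaces carry weight 1 so they never drive a verdict alone.
IGNITION = {
    ".github/workflows/*.yml": 1,
    ".github/copilot-instructions.md": 1,
    "package.json": 1,
    ".devcontainer/devcontainer.json": 2,
    ".cursor/*.json": 2,  # assumed editor session-hook location
}
TIERS = [(0, "clean"), (3, "suspicious"), (6, "likely compromised")]
AXIS_CAP = 3  # each axis is capped, so one axis alone can never reach the top tier
BLOB_MAX_BYTES, BLOB_MAX_ENTROPY = 4096, 5.5  # assumed blob-anomaly thresholds


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: source text sits around 4-5, packed or encrypted payloads near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in (data.count(b) for b in set(data)))


def score(files: dict, tips: list) -> tuple:
    """files: {path: bytes}; tips: [{"branch", "author", "signed"}]. Returns (verdict, findings)."""
    axes = {"ignition": [], "blob": [], "provenance": []}
    for path, blob in files.items():
        w = next((w for pat, w in IGNITION.items() if fnmatch(path, pat)), 0)
        if not w:
            continue  # not an auto-executing file: its contents are never scored
        axes["ignition"].append((w, f"{path}: auto-execution surface"))
        ent = shannon_entropy(blob)
        if len(blob) > BLOB_MAX_BYTES or ent > BLOB_MAX_ENTROPY:
            axes["blob"].append((3, f"{path}: {len(blob)} bytes, entropy {ent:.2f}"))
    for t in tips:
        if t["author"].endswith("[bot]") and not t["signed"]:
            axes["provenance"].append((3, f"{t['branch']}: bot-authored tip, not GitHub-signed"))
    total, findings = 0, []
    for axis, hits in axes.items():
        total += min(sum(w for w, _ in hits), AXIS_CAP)  # per-axis cap
        findings += [f"[{axis} +{w}] {why}" for w, why in hits]  # every finding says why
    verdict = [name for floor, name in TIERS if total >= floor][-1]
    return verdict, findings
```

A bot-authored unsigned tip on its own tops out at "suspicious"; only corroboration from a second axis (a matched ignition file carrying an oversized or high-entropy blob) reaches "likely compromised".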

One targeted query per scan (a single GraphQL refs query + a bounded REST tree/blob fan-out), on demand only — it never rides the always-on dashboard refresh.

Buy me a coffee

A one-off donation (b) now sits alongside recurring GitHub Sponsors (o) in the launch splash.

Notable polish

  • Tuned against the real (now-cleaned) victim repos so ubiquitous / prompt-only surfaces (workflows, copilot-instructions.md, package.json) never drive a verdict on their own, and a GitHub-signed default branch next to an unsigned feature branch reads as normal.
  • The remediation script is shell-safe (single-quote-escaped path array + git for-each-ref iteration); the tree fan-out dedupes to unique tree OIDs with first-error cancellation.

Tests

Unit tests for the scoring matrix, ignition matching, blob heuristics, push-burst detection, the remediation script and the scan rendering; verified end-to-end against the real GitHub API and driven live in the TUI.

Upgrade

brew upgrade gfazioli/tap/octoscope