Analysis of the Backdoored XZ Utils Build Process with Harden-Runner

The code was originally sourced from Debian's repository, specifically the debian/5.6.0-0.2 tag.

The GitHub Actions workflow used to run the steps is configured to perform the following:

The workflow integrates Harden Runner to monitor and analyze the build process. Here are the Harden Runner insights from the workflow execution: https://app.stepsecurity.io/github/step-security/xz-clone/actions/runs/9102857670?jobid=25085154668&tab=file-events

Name		Name	Last commit message	Last commit date
Latest commit History 34 Commits
.github/workflows		.github/workflows
build-aux		build-aux
cmake		cmake
debian		debian
debug		debug
doc		doc
dos		dos
doxygen		doxygen
extra		extra
lib		lib
m4		m4
po		po
po4a		po4a
src		src
tests		tests
windows		windows
ABOUT-NLS		ABOUT-NLS
AUTHORS		AUTHORS
CMakeLists.txt		CMakeLists.txt
COPYING		COPYING
COPYING.0BSD		COPYING.0BSD
COPYING.CC-BY-SA-4.0		COPYING.CC-BY-SA-4.0
COPYING.GPLv2		COPYING.GPLv2
COPYING.GPLv3		COPYING.GPLv3
COPYING.LGPLv2.1		COPYING.LGPLv2.1
ChangeLog		ChangeLog
INSTALL		INSTALL
INSTALL.generic		INSTALL.generic
Makefile.am		Makefile.am
Makefile.in		Makefile.in
NEWS		NEWS
PACKAGERS		PACKAGERS
README		README
README.md		README.md
THANKS		THANKS
TODO		TODO
aclocal.m4		aclocal.m4
autogen.sh		autogen.sh
config.h.in		config.h.in
configure		configure
configure.ac		configure.ac

Provide feedback