reviewdog and tj-actions leaked CI secrets
The March 2025 GitHub Actions campaign chained a leaked SpotBugs maintainer PAT into reviewdog/action-setup, then into tj-actions/changed-files.
Story
This campaign moved through CI trust one mutable tag at a time. Unit 42 traced the earliest known access to a SpotBugs maintainer PAT leaked in December 2024. Months later, that credential was used to move the reviewdog/action-setup v1 tag to malicious code, placing the attacker inside workflows that trusted the official reviewdog action.
The reviewdog compromise became the bridge into tj-actions. When tj-actions/changed-files ran a CI workflow that depended on reviewdog/action-setup through tj-actions/eslint-changed-files, the malicious reviewdog code stole a GitHub token with write access to tj-actions/changed-files. The attacker then used that token to point changed-files tags at malicious commits.
The first changed-files abuse appears to have targeted Coinbase's agentkit repository. After that workflow was removed, the attacker widened the blast radius by replacing all tj-actions/changed-files tags with a malicious commit. Public repositories that ran the action could print secrets into public workflow logs, often as double-encoded base64 output.
The leak surface was unusual because the attacker did not need to exfiltrate secrets to a private server. In public repositories, the malicious action could write secret material into public workflow logs, leaving exposure behind even after the tag was restored.
The campaign shows the thin line between dependency metadata and credential disclosure. No package manager was needed; trusted GitHub Action tags were the distribution system. The practical mitigation was to rotate exposed secrets, remove or pin affected actions by full commit SHA, and audit workflow logs from the exposure window.
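Two of those mitigation steps can be checked mechanically. The following added example (not code from the campaign record or from any of the projects named above) audits a workflow file for `uses:` references that are not pinned to a full commit SHA, flagging the actions named in this campaign, and undoes the double base64 encoding that leaked secrets took in public logs. The workflow text, the all-zero SHA and the log value are constructed samples.

```python
import base64
import re

# Actions named in this campaign record; a mutable ref to any of them is flagged.
AFFECTED = {"tj-actions/changed-files", "tj-actions/eslint-changed-files",
            "reviewdog/action-setup"}
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([\w.-]+/[\w.-]+)(?:/[^@\s]+)?@(\S+)", re.M)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

def audit_uses(workflow_text):
    """Classify every `uses:` reference in a workflow file.
    'pinned' = full 40-hex commit SHA; 'mutable-affected' = tag or branch
    of an action from this campaign; 'mutable' = any other tag or branch."""
    findings = []
    for action, ref in USES_RE.findall(workflow_text):
        if FULL_SHA_RE.match(ref):
            verdict = "pinned"
        elif action in AFFECTED:
            verdict = "mutable-affected"
        else:
            verdict = "mutable"
        findings.append((action, ref, verdict))
    return findings

def decode_double_base64(token):
    """Undo the double base64 encoding seen in leaked logs. Returns the
    plaintext, or None if either layer is not valid base64 / UTF-8."""
    try:
        inner = base64.b64decode(token, validate=True)
        return base64.b64decode(inner, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None

# Constructed sample workflow; the all-zero SHA is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
jobs:
  lint:
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45
      - uses: reviewdog/action-setup@0000000000000000000000000000000000000000
"""
# Constructed log value: a fake secret encoded twice, as leaked logs showed them.
SAMPLE_LOG_VALUE = base64.b64encode(base64.b64encode(b"constructed-secret")).decode()

if __name__ == "__main__":
    for action, ref, verdict in audit_uses(SAMPLE_WORKFLOW):
        print(f"{verdict:17} {action}@{ref}")
    print("decoded log value:", decode_double_base64(SAMPLE_LOG_VALUE))
```

Run it over each file under `.github/workflows/` to find references that still need pinning; any `mutable-affected` line is one to replace with a SHA that predates the exposure window.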
Linked Attacks
2025
Attackers used a token stolen through the reviewdog/action-setup compromise to rewrite tj-actions/changed-files tags to a malicious commit.
Attackers compromised a contributor's Personal Access Token (PAT) that granted write access; the token was traced back to an earlier leak from the SpotBugs project.
Campaign Context
- Cause: Unknown
- User Impact: 23000
Affected Packages
Notes
- Unit 42 reported a targeted Coinbase phase before the broad tj-actions tag replacement.
- The Register and StepSecurity reported more than 23,000 repositories used tj-actions/changed-files; this is exposure count, not a confirmed victim count.
External References
- Supply Chain Compromise of tj-actions/changed-files and reviewdog/action-setup (cisa.gov)
- New GitHub Action supply chain attack reviewdog/action-setup (wiz.io)
- GitHub Action tj-actions/changed-files supply chain attack (wiz.io)
- GitHub supply chain attack spills secrets from 23,000 projects (theregister.com)
- GitHub Actions Supply Chain Attack (unit42.paloaltonetworks.com)
Source record: oss/campaigns/reviewdog-tj-actions-2025/meta.yaml