Josh welcomes back François Proulx to talk about the absolute madness in the CI/CD universe right now. We also learn about François’ new project SmokedMeat, a tool to help you hack your own CI/CD. When Josh spoke to François a year ago, the world was a very different place than it is today. François has a ton of knowledge about how we got here and what we can do moving forward. Boost Security has a bunch of amazing open source tools François built that can help keep CI/CD systems understood and locked down.
Episode Links
- François’ LinkedIn
- Why do we keep ignoring CI security with François Proulx
- Boost Security Labs
- Boost Security Compromise
- Poutine
- Smoked Meat
- HD Moore on Hacker History
- Bagel
- SmokedMeat video
This episode is also available as a podcast, search for “Open Source Security” on your favorite podcast player.
Episode Transcript
Josh Bressers (00:00) Today Open Source Security welcomes back François Proulx. He’s a VP of security research at Boost Security. François was on, we were just chatting before I hit record. François was on in February of twenty twenty five to talk about CI/CD security. And I feel like that was a very Cassandra moment.
Holy crap, dude.
François Proulx (00:24) Yeah, it’s been, everything happened since then. So I was, you know, I was not screaming wolf. It was, prediction was spot on.
Josh Bressers (00:27) Yeah.
You you got a lot right. And just my goodness, what a couple of months it’s been. I mean, it’s just everything is is bananas and on fire. And and I I guess let’s do this. Just for we’ll say anyone who maybe isn’t as plugged into all the CI everything as we are, as well as just for, you know, future posterity purposes, like give us a recap of kind of what’s happened in the last well, you know, year and a half, give or take.
François Proulx (00:56) Yes.
Yeah, wow. Okay. So let’s go back to let’s go back to early 2025. Good old days before Claude Code and you know burning tokens and whatnot. And yeah, back then I came and was telling everyone, hey, you know, your build pipeline, especially in open source projects, you should look at that because back then
Josh Bressers (01:06) Buckle up.
François Proulx (01:31) I already had indexed the vast majority, millions of open source projects, and I had the data to prove that many, many were vulnerable and exploitable with interesting impact. When I mean interesting impact, I mean basically hijacking, poisoning the different open source projects. And we had already started to do bulk reporting, responsible disclosure, and
That was the state of affairs at that moment. And then literally a month after, TJ Actions changed-files happened, and that was the big first oh shit moment for many people where they realized that if a single component that’s used in millions of build pipelines gets compromised, in that case a GitHub Action kind of plugin, then the blast radius is
goes like very fast, very far with very big impact. If that component is used in a privileged workflow, let’s say a release publishing package, then you might have as much OIDC or trusted publishing or whatever, it doesn’t matter, right? And that was the first big moment, but there was another right before we talked, like a month before, Ultralytics, which was to my knowledge,
And that I discovered right around the time that we spoke, but I had not made a public disclosure of that, which I did after, where I found the threat actor behind the Ultralytics compromise on Breach Forums. So that was something that I found. I basically found them even using our own open source tools and literally quoting our research. So on Breach Forums,
Josh Bressers (03:23) Tice.
François Proulx (03:27) literally before it was exploited came and gave the exact output of our tool, Poutine, pointing to that zero day at that moment, exploiting it, coming back to brag about it. So that’s the first kind of documented actor using that at scale, or at least with some impact. Then after TJ Actions came, a bunch of people did a lot of interesting research, fellow security researchers.
on the impact of that. And then fast forward a couple of more months, then the whole, you know, cascade of Shai-Hulud worms and all that in the fall. Some of them started with your run-of-the-mill social engineering of an open source maintainer, compromising their laptop, stealing whatever is on the laptop, and then using that to poison the package.
But also some of those initial access compromises were through vulnerabilities in build pipelines. And we have documented evidence that it was the kindle to start this worm in some aspects. Even, I mean even us as a company, we were hit. One of our employees was compromised through one of those compromises. So it was
also something where we had to do incident response and like improve our playbook and whatnot. So we felt it very close and we had to react.
Josh Bressers (05:03) I wanna interrupt for a moment and just say your blog post about that event was very well done and I think very transparent. So like I think that is a great example of anyone who gets popped. Like I’ll put a link in the show notes. Like go read this. It’s awesome.
François Proulx (05:17) Yeah, thank you. So that was a realization where it was not just theoretical. It was not just like doing research saying here’s a vulnerability that could be exploited. It was not just well, we don’t use TJ Actions, but many people did. So we didn’t feel the fire, but then it just happened to us. And then fast forward to just not so long ago, even GitHub got the same treatment. So at that point, who has not?
Have you, Josh?
Josh Bressers (05:49) So we have not been directly, I mean, we’ve had some attacks, attempts, we’ll say, where, ’cause I mean, so you know, I work at a company called Anchore, we have Syft and Grype, our two like big flagship open source projects. And when Aqua Security Trivy got popped, we basically sat down and were like, All right, what do we need to do to make sure we’re not on this list next? And we’ve like completely overhauled all of our GitHub Actions infrastructure to a point where it’s I mean
I don’t even know if I’d call it GitHub Actions anymore because we’re doing a ton of stuff like out of GitHub Actions, you know, in terms of credential storage and things like that. And even now, you know, like we have a system, for example, where we have to ask for a credential from a worker in a Lambda in AWS and things like that. And it’s we’ve done a ton of work and like the developers get all the credit who I work with. Like they’re very smart and they understand this stuff. But yeah, like
It’s scary, man. It’s really scary right now. This is this is like every morning I wake up and I turn my computer on and I’m like, is is today the day? Is basically the way I think of this.
François Proulx (06:54) Yeah.
So we had this realization, yeah, like way back. We started doing like research in this niche of supply chain security back in twenty twenty two. And what you were saying about the Lambda, we did this thing about like having a vault that is giving credentials dynamically of OpenID Connect since twenty twenty two. So we were like way back
Before, I know like Chainguard has this Octo STS service. So I remember talking to them when it released, and it was like, yeah, like we’ve been doing that for a while. So we have the experience of being quite ahead of the threat, but now that it’s like very like happening like day by day, we need to be on the tip of our toes because I mean yeah, it can happen to anyone. Like when it happens to big names like
you know, Trivy and then Checkmarx and and then big open source projects and even GitHub, it’s hard to keep up.
Josh Bressers (07:58) Yes, yes. It’s been completely ridiculous. Just trying just keeping track of this stuff feels like a full time job. It’s yeah. Anyway. Anyway. So you’re actually here for a reason, François. Is you created a tool named Smoked Meat, which I I I was also say before I hit record, I I was commenting to François about how I I love how like very Canadian all the naming is of all the projects Boost Security does, which is awesome. But
François Proulx (08:08) Okay.
Yes.
Yes.
More
than Montreal. More than Canadian. Montreal especially.
Josh Bressers (08:31) Okay.
Awesome. So i and and SmokedMeat is kind of why it’s funny. You reached out to me, it it feels like it was it’s seven years ago at this point about SmokedMeat and like, we should do a podcast about this. Like, yeah, we should totally do that. And like the number of things that have happened between that time I feel like could fill like a twelve hour podcast just because it’s been completely ridiculous. But I I don’t I do want to talk about SmokedMeat because
François Proulx (08:52) Yeah.
Josh Bressers (08:57) Now, the funny thing I’ll I’ll tell you about SmokedMeat is so I started looking at this and I started trying to figure out how it works. Cause I you know, I like to run this stuff and like this is an interesting project to me. And I you you could probably comment on this, but at when I started looking at this, I’m like, I’m worried GitHub is going to ban my account because of the things this does. So I’m like, I’m not going to run this right now. Like it that is a concern I have because GitHub right now is like super aggressive.
With you know, banning people trying to do scary and weird things. And so I Okay. Okay.
François Proulx (09:28) You would think, you would think. By my experience, not necessarily. But I
would say if I had a recommendation for you, yes, don’t use your daily GitHub user, like have another one. Let it age. You know what? Like don’t use an account you created five minutes ago because yeah, they will ban you. But if you have like a
Josh Bressers (09:39) That’s fair.
François Proulx (09:53) you know, OG account that you’re not using as your primary, because that’s what I do. Like I have a number of those accounts that I age and I use to do various things and they’re not linked to our normal, in our organization in any way. So they act as different persona like a victim, a threat actor and whatnot.
Josh Bressers (10:00) Gotcha.
Okay.
Okay, this is that’s good advice. I I need to do that. I need to build like burner infrastructure in GitHub nonbo Okay, anyway, tell us what SmokedMeat is first before we get off on a tangent, because we haven’t explained any of this at all and anyone listening is probably like, What’s going on?
François Proulx (10:26) We have not.
Okay, so yeah. So basically there’s been a lot of fire raging in the past many months. And I would say in December, so just you know not even six months ago, I sat down to try to understand what had happened like with those worms in the fall. So I wrote an article, kind of an end of year farewell
thought leadership kind of piece, thinking, okay, that happened just in less than one year. So my article kind of goes back to Ultralytics, so which was December 2024. And that’s when I disclosed the Breach Forums post, which I said, okay, that’s the first documented evidence of a threat actor using it, this type of exploitation for a real big open source project. And
All that happened after. And after I’m done writing this article, I go give a private webinar to a fintech company here in Montreal. And it was all about like, hey, you need to do something about your supply chain, you need to improve, including your build pipeline. There’s all those worms, you need to, you know, implement those cool off periods and you know, all those things.
And then I finished that and I realized that the threat actors are just way ahead of many, most defenders because I it’s been since 2023 that I go to conferences, talk about that topic, come on your podcast, other podcasts, and people say that’s all interesting, like thanks for coming, you know. But then nothing happens.
And then the threat actors really listen to this podcast. Hey, hello. Read all the articles, use all the tools, unlike many of you listeners. And then they do bad things. And then it hits your own laptop, and then you come and cry, Uncle. I’m sorry, but I was not, you know, crying wolf so much in some cases. So basically I came to that realization and said, you know, I need to build a more offensive tool.
Because Poutine, which I released in April 2024, was a very much defensive like static analysis tool, like find the vulnerabilities so that you can address them. Put them in your backlog, forget about it. Complain to your manager that it should pre-prioritize for this sprint but then it’s never gonna be done. So I thought, what those poor people that see the thing rotting in the backlog, what do they need?
They need, they need a gun. So I built, so I built Poutine really with the spirit of the good old Metasploit. For those of you, I don’t know how much you know about Metasploit or have used Metasploit, Josh. Maybe the listeners don’t know that tool so much. But it’s an oldie but goodie from the early two thousands where you know.
Josh Bressers (13:42) yes.
François Proulx (13:53) fellow HD Moore created that at the time of Windows, the good old like Nimda, Code Red type of vulnerabilities on Windows back then. And he built that tool so that it makes it easy for people to effectively demonstrate how to exploit those vulnerabilities with like nice little plugins and then pivot. So that was the whole motion of Metasploit was okay
There are known vulnerabilities out there, CVEs. We can craft an exploit and demonstrate that it’s easy to exploit. Once you’ve exploited, then what do you do with this arbitrary code execution on the remote side, the victim side? Then you can continue marching forward, pivoting, as they say, with this little plugin that they called Meterpreter. So effectively I had this idea. I’m like, I’m going to build basically Metasploit for CI/CD.
So that was the premise of building SmokedMeat. At first I thought maybe I’m just gonna do like a plug-in or something on top of Metasploit, but quickly realized that the nature of build pipelines, CI/CD, being so ephemeral that runs just for a few seconds, a few minutes, and then they’re torn down, they don’t exist. The, you know, it’s just a VM that’s ephemeral, is not, is very different than like a Windows server that runs 24-7 and then you can persist on it. You can just stash the malware in a corner, backdoor the kernel. But in the case of CI/CD, we need a completely different strategy. So I ended up building this new tool and really making it first class citizen for this type of scenario
including the post exploitation aspects which are specific to the threat model of CI/CD where ultimately if because well since what happened also since we spoke on the podcast I’ve been you know doing the conference circles and two of my zingers that I came up for the conference was
Twenty twenty five’s build pipelines look like the average two thousand five PHP web app in terms of secure coding.
Josh Bressers (16:18) Yes.
François Proulx (16:20) So and then I was told that many of the people in the audience were not born in two thousand five.
Josh Bressers (16:27) I believe that, yes.
François Proulx (16:28) So that I grew some gray beard hair. But then the other thing that I came to use as another kind of you know zinger is maybe it’s easier to rename CI/CD as RCE as a service so that everyone understands what it really is, right? Yeah.
Josh Bressers (16:49) I mean, that is what it does. Like,
in all seriousness.
François Proulx (16:54) Exactly. So when you start to picture RCE as a service first, you’re like, okay, so I’m running arbitrary tests that is coming from a pull request, executing them automatically, right? Okay. So I better make sure that I’m not exposing my release like PyPI publishing keys in that same workflow, right? Directly or indirectly. So that’s what you need to think first.
And then once you think about that, then you need to effectively understand that all there is to steal in those ephemeral CI/CD workflows are the secrets. If there’s no secret, then big deal. You’re running arbitrary code on a remote VM that will be trashed 15 seconds later. So that’s why SmokedMeat automatically scrapes the memory of that ephemeral runner and automatically classifies, inventories the secrets it found, bringing them into a graph database. And so the other thing that SmokedMeat does is put all that in a graph. So then you can discover where you start from a public repo. And then once you have those secrets local, you can pivot and discover new repos or attack other repos, the vulnerabilities that
you couldn’t attack without having those new credentials. And that gives you a chance to pivot from public repos to private repos and go deeper and deeper into hypothetical infrastructure. So I ended up building a capture the flag environment, a GitHub organization called whooli, which is, not to be sued by HBO, I spell it with a W in the beginning. Basically it’s built so that you can safely experiment with SmokedMeat and not get sued by anyone except me maybe. And you can really experiment with this in practice and I can tell you that the way it’s been designed is extremely inspired by real responsible disclosures that I’ve seen.
Josh Bressers (18:54) It’s
François Proulx (19:21) So this is not so far from reality. Yeah.
Josh Bressers (19:28) I mean, I believe that. I’ve seen some of the the the GitHub actions that people have been using and some of this stuff is just like it’s atrocious. Well, I sh I should say that. Okay, so I wanna I wanna address something you said way at the beginning of of kind of when we started discussing and you were talking about how, you know y you were talking about the importance of CI/CD security and everyone was ignoring you, and obviously we’re not now. And I mean this is one of the challenges we have in this industry is like
For example, I have 30 things to do. I can do 10 of them. Right? How do I decide what that is? And I mean, I’m not even gonna lie. Like the first time we talked, I’m like, CI/CD security, that sounds interesting. I should probably think about that. And I it it definitely wasn’t something I put high in my list to do. It wasn’t till after TJ Actions happened that I’m like, okay, there’s something here and I need to start caring about this. Right. And I mean, that is like the perpetual challenge.
Is like we all everyone in security has a million things to do and not near enough time to do it. So like that is that is a tough problem.
François Proulx (20:33) Yeah. So what we did, so the first year that we did the research was more like kind of, you know, theoretical exercise, sitting down, like documenting attack trees and whatnot. Then we built those tools to automate, so to help defenders like scan and then for us to scan at scale, then we collected like a big query, like a data lake with
basically inventorying millions of open source projects then doing the disclosure. The next year in 2024, early 2025, what we did was now that we knew about vulnerabilities and we knew exactly the exploitation techniques, the TTPs, we did then large scale analysis in near real time of all the public events on GitHub. So the fire hose of all public events.
We consume it in near real time and we cross it with the vulnerabilities and we have a Slack channel where we see the evidence of exploitation as they happen and so sometimes we do a disclosure not just of hey like there’s a vulnerability but it was exploited, you know, one hour ago. So we’ve been doing that for yeah a year and a half now yeah a bit
Almost a year and a half. So we have now also evidence of exploitation. So threat actor profile and all that, and just discovering potentially new TTPs that were not documented, which is not the case too much, but we continue doing research to be on the forefront, and so that yeah, so we not only have like the vulnerabilities aspect but also the potential exploitation
Pair it with
Josh Bressers (22:32) That’s pretty cool, man. I mean, that is so so that’s one of the things that I think I’ve maybe been the most surprised by over the last probably year or two years of talking to people about all this kind of stuff is so my favorite is like package cooldowns, right? Where you say don’t use the latest package. This is the same thing with when you’re using GitHub Actions, like pin a version to, you know, by the checksum.
Not by the version. And then just sit on it and don’t like don’t mess with things for a while. Is the question becomes, well, if everyone pins things, how do we, you know, how do we see the attacks? How do we know it’s okay? Because there is a certain amount of we’ll say just like, you know, herd immunity to some of this stuff. But like there are a ton of people doing exactly what you describe right now, where there’s, like the Eye of Sauron is on GitHub and they are watching everything going on from, you know,
all the public events, all the releases happening, all the everything. And it is it is absolutely incredible that there’s all this attention happening. It’s amazing. I love it.
François Proulx (23:43) Yeah, yeah. And in some cases we see modifications to workflows on big big projects. I’m not gonna name names. So we see the modification that makes it vulnerable, that like it was not vulnerable, then it becomes vulnerable, then we see exploitation within sometimes hours after it became vulnerable. And you know, sometimes we need to race
to disclose.
Josh Bressers (24:14) Okay, you mean that a project made a mistake, introduced a vulnerability, and then an attacker well the attackers are obviously also paying attention to this stuff, that means in that instance, right?
François Proulx (24:17) Mm-hmm.
Yep.
Yeah, so we, because we scan continuously, we also observe the modifications. Just let’s say a git push on a workflow, and let’s say we had scanned it before, it was not vulnerable, but then we rescan it and we discover that now it’s vulnerable and very likely exploitable. Then we can in some cases observe the exploitation of it and
you know, confirmed that yeah, indeed it was exploitable. So it, and the attackers were faster than us to disclose and have the maintainers fix it.
Josh Bressers (25:04) I mean, I guess I’m not I’m at this point nothing surprises me. I mean Okay. So I do have a question I want to ask about SmokedMeat, because I think this is Metasploit gets this all the time as well, is so why are you releasing a tool that attackers can use to benefit them, right?
François Proulx (25:22) Mm-hmm. Well, I think it’s because I didn’t they didn’t need to wait for SmokedMeat to do it. Right? I’m not giving them any new technique, anything they don’t already have, they don’t already know. It’s not even making their job easier, faster, better. Not so much.
Josh Bressers (25:29) It’s very true.
François Proulx (25:48) Everything SmokedMeat has been designed definitely there’s no it nothing is it’s not a worm, it’s not automatic, it’s not like there’s no bring your own LLM key kind of thing. It’s purely deterministic. It uses the Poutine scanning, discovers that, then generates the payload fully deterministic, that in many cases is trivial to generate the payload.
So yeah, like there’s nothing new. Like I’m and I’m just giving the same tool that the attackers, you know, Shai-Hulud and the different versions basically had that built in. So it’s really just to give the defenders like the red team, blue team, kind of purple team, that they can you know.
Test something or and confirm that say they fixed it. Like it was vulnerable. It is exploitable. We confirmed that okay, yeah, it is exploitable. Like I just dropped the, you know, PyPI publish key. So I have to fix it now because I confirm out of any doubt that anyone could do the same as I just did. Then I fix it and I try again and I cannot dump the key. Okay, good.
Josh Bressers (26:48) yes.
So there’s another angle to this, I think, as well. So you know, you mentioned Metasploit and HD Moore, and I have another podcast called Hacker History Podcast, and I talked to HD Moore on it some time ago. And, you know, we were reminiscing of the olden days. And I think one of the important things, this was I mean, Metasploit was part of this story. There was like the L0pht with, you know, back what’s back, no, Back Orifice was Cult of the Dead Cow. But there were all these tools that were created by these hacking groups.
François Proulx (27:35) ⁓ yeah.
Mm-hmm.
Josh Bressers (27:40) And
of course everyone is like up in arms, like, you’re you know, well, I guess in their case they didn’t care if hackers used it. That was that was kind of the point. But like companies like Microsoft, we forget that a lot of big companies back in, you know, the late nineties, early two thousands, they were very hostile to security and they were doing a terrible job of security. And it was without question the pressure from these tools and groups that helped push the industry forward, you know, kicking and screaming the whole way there.
And I feel like to a degree we need this as well with what we’re seeing in the world of, you know, open package registries, GitHub and their actions, just kind of everything going on. Like I’m comfortable saying that a lot of these action problems we have with just like GitHub kind of dropped the ball on all this security, right? Like they’re not the only blame in this story, but I do think they deserve a a quite a lot of it. Because I do feel like they built this amazing system.
François Proulx (28:16) Mm-hmm.
Josh Bressers (28:37) with absolute crap security and then no one did anything for a decade.
François Proulx (28:42) Yeah. Yeah, no, back then, the early two thousands, you would get a cease and desist instead of a bug bounty, you know? Right? Yeah, exactly. Knock on the door and whatever. So back then, you know, the whole responsible disclosure, coordinated disclosure, whatever was not quite in the lingo. Bug bounty, forget about that.
Josh Bressers (28:51) Yeah. Yeah. Cease and desist if you’re lucky you might
François Proulx (29:12) And then you know it evolved and thanks to tools like Metasploit, because it was put in the hands of the pen testers for the most part that were just doing what they were asked, and then say, Look, it took me three minutes to get to your Active Directory. And then like you cannot sit on the report, especially as the years pass by and CSOs, the C suite.
Josh Bressers (29:30) I know.
François Proulx (29:40) came to take that more seriously, then you were liable because you had a report with a big like Active Directory can be compromised in three minutes. So that’s what it took to move the needle. And well now maybe Shai-Hulud was what was needed to move the needle and Trivy and whatnot.
Josh Bressers (30:05) It i i yes, I agree with that. As much pain and suffering as this is all caused, I do think this is one of those instances where like the the old way had to burn down in order for a new way to be born. Which I mean it sucks when you’re the one kind of standing in the middle of it all, but it’s yeah, yeah, it’s definitely tough. And I’m I am hopeful that things get better faster from this point forward. But I mean, you know, we’ll
We’ll see how that kind of goes. So okay, François, we gotta land this plane, man. So like tell everyone what are next steps? What should they do? What should they look at? Obviously, you know, I’ll put a link to SmokedMeat which is a super cool product. You have a very nice getting started as well, I will say, in your hot readme. So all right, what’s next? What do you want everyone to know?
François Proulx (30:57) So three things. So Poutine still exists. Anyone can use it, run it, just the command line tool. You can put it in your CI/CD just to basically check your own CI/CD with, you know, against it. But there’s another tool that we haven’t talked about that’s called Bagel that we have, and the idea of Bagel came about after we got compromised.
Josh Bressers (31:04) Yes.
François Proulx (31:27) And we needed to do incident response. We needed to understand the potential blast radius around the developer laptop that had been compromised to make sure that we didn’t forget anything to rotate and whatnot, right? So Bagel is doing exactly that. It’s basically an infostealer that doesn’t send to the attacker. Okay. Maybe that’s not the right way to market it, but
Effectively it’s gonna like look on your laptop for SSH key, private keys that are not encrypted. You have some Gemini API key in a temp folder or whatever. So it’s gonna inventory what’s on your laptop that is sensitive and valuable that an attacker, some malware would exfiltrate first and give it to you just right away, local, offline, doesn’t upload anything.
so that you can follow the best practice of hardening, cleaning up, rotating and whatnot, things that maybe you should not have in your temp folder anyway. So it’s about inventorying the potential blast radius, like reducing, proactively reducing the potential impact of execution, exfiltration of those secrets, or at the very least, understanding your risk profile.
Right. So that’s Bagel. And then
Josh Bressers (32:55) Yeah. Yeah. And and I I
wanna I wanna add one thing, François, is if anyone has never run a tool like that before, I I promise you, every time you run it, you’re gonna be like, How did that get there? Like I have never not run one of those sort of tools and not been surprised by at least one thing it found. It’s terrifying.
François Proulx (33:15) Yeah, even more so as we use Claude Code, Gemini, Codex, whatever, those tools, they will scrape the output of a log that contains a key and then stash it in a temp folder so that you can resume the conversation. So any day like you will start accumulating stuff. Like so one of the features of Bagel is exactly to spot those and to automatically, well, semi automatically scrub
Josh Bressers (33:19) Yeah. Yes.
François Proulx (33:43) Like redact those things. So I invite people to try that. And then SmokedMeat definitely is a bit more like an offensive, like edgier tool that is definitely not for everyone. But at the very least, as a way to really understand what those build pipeline compromise can lead to. If you’re not gonna try SmokedMeat, I invite you to look at our YouTube channel, Boost Security Labs.
You will find a three-minute video that shows you exactly how SmokedMeat works and exploits in three minutes like the whole like capture the flag environment that I created. So it’s a very quick way to understand the potential impact of those vulnerabilities.
Josh Bressers (34:24) Nice.
And I will definitely put a link in the show notes to that, which I’ve not seen that either. So I’m like literally as soon as we stop doing this, I’m going to go watch a video. But
François Proulx (34:39) Yeah. And then
and finally the final call to action I would say, and that’s my other zinger, is threat model your YAML.
And why? It’s because, if I put it simply, is that when you look at a YAML, GitHub Actions YAML, you have those tiny jobs. And what is a job if only just a tiny virtual machine that’s ephemeral and then passing potentially data from one job to another? So that’s very much like a microservices architecture that you would architect and threat model, hopefully, so that you have some sensitive data in one service.
You store data in another, then consume a maybe more sensitive more or less sensitive data. And then you but now if you know that you have remote code execution in that job by design, maybe because you’re running tests automatically, then you better not put the secrets in that one and then only take the output that says the tests failed, the test passed, and whatnot, right? So threat model your YAML.
Just the same way you would build a a production infrastructure where you know that you have RCE by design. So that’s my message.
Josh Bressers (35:59) That’s a good idea. I’m going to think about that because I will admit I’ve never, the threat model your YAML I think brings a level of clarity. And yeah, I mean a pull request coming from a third party is functionally malicious input to the system. I mean, man. I love it. All right. I’m gonna think about that later. Not right now. So François I wanna thank you so much. This has been an absolute treat. I’ve learned a ton.
You and I mean keep up the good work, man. This is you know, you’re fighting the good fight and I love it. So thank you so much.
François Proulx (36:32) All right, thank you.