Run #23326425755 · actions-security-demo/compromised-packages | StepSecurity

analyze

Harden-runner policy:

audit

Start time:20 Mar 2026 02:24:15 GMTRunner name:-Duration:19sJob labels:ubuntu-latest

Show:

Show all steps

Step	PID	Process	Destination	Port	Status
Run malicious setup-trivy commit aquasecurity/setup-trivy@8afa9b9f9183b4e00c46e2b82d34047e3c177bd0	2849	curl	scan.aquasecurtiy.orgAPI Calls1	443	AllowedNot in baseline - learning	20 Mar 2026 02:24:27
Run malicious setup-trivy commit aquasecurity/setup-trivy@8afa9b9f9183b4e00c46e2b82d34047e3c177bd0	3009	curl	github.comAPI Calls1	443	AllowedNot in baseline - learning	20 Mar 2026 02:24:29
Run malicious setup-trivy commit aquasecurity/setup-trivy@8afa9b9f9183b4e00c46e2b82d34047e3c177bd0	3021	curl	get.trivy.devAPI Calls1	443	AllowedNot in baseline - learning	20 Mar 2026 02:24:29
Run malicious setup-trivy commit aquasecurity/setup-trivy@8afa9b9f9183b4e00c46e2b82d34047e3c177bd0	3021	curl	release-assets.githubusercontent.comAPI Calls1	443	AllowedNot in baseline - learning	20 Mar 2026 02:24:29
Run malicious setup-trivy commit aquasecurity/setup-trivy@8afa9b9f9183b4e00c46e2b82d34047e3c177bd0	2962	git-remote-http	github.comAPI Calls1	443	AllowedNot in baseline - learning	20 Mar 2026 02:24:28