Self-hosted GitHub Actions runners expose filesystem credentials to malicious workflows

critical

securityUpdated Mar 20, 2026(via Exa)

Sources

Trivy GitHub Actions Supply Chain Compromise | Snyksnyk.io

Technologies:

Snyksubject

GitHub ActionsSymptoms of this issue are visible in GitHub Actions metrics and logs

KubernetesKubernetes metrics correlate with this issue and help confirm diagnosis

TerraformTerraform metrics correlate with this issue and help confirm diagnosis

How to detect:

Malicious code executing on self-hosted GitHub Actions runners can scan 50+ sensitive filesystem paths to harvest SSH keys, cloud credentials (AWS/GCP/Azure), Kubernetes tokens, Docker credentials, database connection strings, Terraform state files, cryptocurrency wallets, TLS certificates, shell history, and VPN configs. The attack targeted paths like ~/.ssh/id_rsa, ~/.aws/credentials, ~/.kube/config, terraform.tfstate, ~/.docker/config.json, and cryptocurrency wallet directories.

Recommended action:

Isolate self-hosted runners in ephemeral environments (containers/VMs destroyed after each job). Never store persistent credentials on runner filesystems—use short-lived tokens from secret managers. Pin all workflow actions to commit SHAs to prevent malicious code injection. Implement filesystem access controls and audit logging on runner hosts. Check for persistence mechanisms: ls -la ~/.config/systemd/user/sysmon.py and systemctl --user list-units | grep sysmon. Rotate all credentials if compromised actions ran on self-hosted runners.