🚨 Runner-Guard Security Finding
Rule: RGS-018 — Suspicious Payload Execution Pattern
Severity: High
File: .github/workflows/daily-byok-ollama-test.lock.yml
Line: 384
Description
A workflow run: block contains code patterns associated with obfuscated payload execution or known indicators of compromise (IOCs) from active supply chain attack campaigns. This includes eval+decode chains (e.g., eval(base64.b64decode(...)), base64 --decode | bash), known malware marker variables, persistence file paths, and C2 communication patterns. These patterns are loaded from Runner Guard's threat signature database, which can be updated independently of the scanner binary.
The specific command flagged is the curl | sh install pattern at line 384:
- name: Install Ollama
  run: |
    curl -fsSL (ollama.com/redacted) | sh
Runner-Guard treats remote-fetched scripts piped directly into a shell as an indicator of susceptibility to the broader supply-chain payload-execution attack class — the same shape the scanner uses to detect known IOC patterns.
Impact
A match against a known IOC indicates active compromise; a match against a dangerous execution pattern (this case) indicates susceptibility to this class of supply chain attack. If raw.githubusercontent.com/ollama.com content were ever tampered with (compromised CDN, hijacked DNS, MitM in transit), arbitrary code would execute in the CI runner with whatever permissions the job carries. Combined with RGS-012 (this same file, lines 384/391), exfiltration of any available secrets becomes trivial.
Remediation
- Pin the install script by content: fetch the installer to a file, verify its SHA256 against a known-good hash, then bash ./install.sh.
- Pin Ollama by released binary: download a tagged release tarball from github.com/ollama/ollama/releases/download/<tag>/... (already a GitHub-hosted, allowlisted domain) and verify the asset checksum from the release page.
- Stop piping curl into sh: capture the script first, optionally inspect/diff against an audited reference, then execute.
- Sandbox the install step: run installation in a job without secrets: and pass the resulting binary to downstream jobs via actions/upload-artifact.
Note: this file also has RGS-012 flagged on lines 384 and 391 — fixing RGS-018 with a pinned tarball + checksum should also satisfy RGS-012 if the downloaded asset comes from github.com/api.github.com/ghcr.io.
Detected by runner-guard v2.6.0 — CI/CD source-to-sink vulnerability scanner
Workflow run: https://github.com/github/gh-aw/actions/runs/26620964658
Generated by 📊 Static Analysis Report · opus47 22.9M · ◷
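The first remediation item (fetch the installer to a file, verify its SHA256 against a pinned value, then execute) can look like the following. This is an added example, not part of the original report or of Runner-Guard. INSTALLER_URL and PINNED_SHA256 are placeholders, the function names are hypothetical, and the demo installer is constructed so the block runs offline.

```shell
# Added example: verify a downloaded installer against a pinned SHA-256 before running it.
# INSTALLER_URL and PINNED_SHA256 are placeholders; the report gives neither value.

# Print the SHA-256 hex digest of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Return 0 only if the file exists and its digest equals the pinned value.
verify_pinned() {
  file=$1; expected=$2
  [ -f "$file" ] || return 2
  # Reject a pin that is empty or not 64 hex characters (e.g. an unset variable).
  case "$expected" in
    *[!0-9a-fA-F]*|'') return 3 ;;
  esac
  [ "${#expected}" -eq 64 ] || return 3
  actual=$(sha256_of "$file") || return 4
  expected_lc=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
  [ "$actual" = "$expected_lc" ]
}

# Run the installer only after verification; the download is never piped into a shell.
run_if_verified() {
  file=$1; expected=$2
  if verify_pinned "$file" "$expected"; then
    sh "$file"
  else
    echo "refusing to run $file: SHA-256 does not match pinned value" >&2
    return 1
  fi
}

# In the workflow step the download comes first, for example:
#   curl -fsSL "$INSTALLER_URL" -o install.sh
#   run_if_verified install.sh "$PINNED_SHA256"

# Constructed demo, runs offline: a stand-in installer and a tampered copy of it.
demo_dir=$(mktemp -d)
printf 'echo "installed"\n' > "$demo_dir/install.sh"
demo_pin=$(sha256_of "$demo_dir/install.sh")
cp "$demo_dir/install.sh" "$demo_dir/tampered.sh"
printf 'echo "extra line added in transit"\n' >> "$demo_dir/tampered.sh"
run_if_verified "$demo_dir/install.sh" "$demo_pin"
run_if_verified "$demo_dir/tampered.sh" "$demo_pin" || echo "tampered copy blocked"
```

The pinned hash belongs in the workflow file itself, so a change to it goes through code review like any other change.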