


















Starting Monday, April 28 2025 at 16:00 UTC, StepSecurity’s Harden‑Runner began flagging unusual outbound network traffic to release-assets.githubusercontent.com from GitHub‑hosted runners in several independent customer repositories. Although the destination sits under the *.githubusercontent.com wildcard, it had never appeared in these workflows’ baselines and surfaced simultaneously across multiple organisations—strong indicators of a systemic change rather than a project‑level issue.
StepSecurity Harden‑Runner is a purpose-built runtime and network security agent for CI/CD. It offers a Community tier (free for open‑source projects) and an Enterprise tier with additional features.
Within minutes, StepSecurity engineers correlated the alerts across customers and hypothesised an upstream infrastructure change in GitHub Releases. To verify, we opened a ticket with GitHub Support.
GitHub confirmed the domain is part of a recently enabled feature flag that serves release assets via release-assets.githubusercontent.com. The change is legitimate and permanent.
Exact support reply
Hi Team,
Thank you for reaching out to GitHub Support!
I checked in with our engineering teams about this.
That’s correct, we have recently turned on a feature flag that adds the address release-assets.githubusercontent.com for release assets.
This change comes a part of some internal service updates and is planned to be permanent.
The *.githubusercontent.com address is listed as a wildcard in the GitHub META API Endpoint and depending on the activity performed you may see connections to many different githubusercontent.com subdomains, with some of them being new from time to time.
I hope this information helps with the false positives. Please let me know if you have any other questions or concerns!
Even benign platform changes can break assumptions and, worse, be abused by attackers who register look‑alike endpoints. Harden‑Runner’s behavioural approach catches both:
Boost the security of your GitHub Actions workflows with instant network visibility, strict egress controls, and built-in anomaly detection.
➡️ Get started in minutes – Add Harden‑Runner and lock down your CI/CD pipelines.
Easily integrate Harden‑Runner into your workflows automatically using Secure Workflow
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。