from Hacker News

Analysis of supply-chain attack on Ultralytics

by SethMLarson on 12/11/24, 3:18 PM with 31 comments

  • by dlor on 12/14/24, 4:02 PM

    Really cool to see all the hard work on Trusted Publishing and Sigstore pay off here. As a reminder, these tools were never meant to prevent attacks like this, only to make them easier to detect, harder to hide, and easier to recover from.
  • by ronjouch on 12/14/24, 2:26 PM

    Good recommendations, including a neat tool to audit your GHAs: https://github.com/woodruffw/zizmor , “A static analysis tool for GitHub Actions”.
  • by clbrmbr on 12/14/24, 4:54 PM

    As a user of PyPI, what’s a best practice to protect against compromised libraries?

    I fear that freezing the version number is inadequate because attackers (who, don’t forget, control the dependency) could change the git tag and redeploy a commonly used version with different code.

    Is it really viable to use hashes to lock the requirements.txt?

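Editor's note on the hash-locking question above. This is an added example, not code from the thread, from pip, or from the Ultralytics project. It shows what a hash-pinned requirements file looks like and what a verifier actually checks: the sha256 of the downloaded artifact bytes, so re-tagging a git commit changes nothing unless the bytes served by the index change too. Real files of this shape come from `pip-compile --generate-hashes` (pip-tools) and are consumed with `pip install --require-hashes -r requirements.txt`; pip enters hash-checking mode automatically as soon as any requirement carries a `--hash`, and then refuses any requirement without one. The package name `examplepkg`, its version, and the wheel bytes below are constructed stand-ins.

```python
import hashlib
import re
from typing import Dict, List, Tuple

# One requirement line, possibly continued with a trailing backslash, in the
# form pip-tools emits:  pkg==1.2.3 \
#                            --hash=sha256:<hex> \
#                            --hash=sha256:<hex>
REQ_RE = re.compile(r"^(?P<name>[A-Za-z0-9_.-]+)==(?P<version>[^\s\\]+)")
HASH_RE = re.compile(r"--hash=(?P<alg>[a-z0-9]+):(?P<digest>[0-9a-f]+)")


def parse_hash_pinned_requirements(text: str) -> Dict[str, dict]:
    """Parse a requirements.txt and insist every line is ==pinned and hashed,
    mirroring pip's --require-hashes rule that mixed files are rejected."""
    logical = text.replace("\\\n", " ")  # join backslash continuations
    pins: Dict[str, dict] = {}
    for raw in logical.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = REQ_RE.match(line)
        if not m:
            raise ValueError(f"not an exact ==pin: {line!r}")
        hashes: List[Tuple[str, str]] = [
            (h.group("alg"), h.group("digest")) for h in HASH_RE.finditer(line)
        ]
        if not hashes:
            raise ValueError(f"no --hash for {m.group('name')}; refusing to install")
        pins[m.group("name").lower()] = {"version": m.group("version"), "hashes": hashes}
    return pins


def verify_artifact(pins: Dict[str, dict], name: str, data: bytes) -> bool:
    """True iff the artifact bytes match one of the pinned digests for `name`.
    Several hashes per package are normal (sdist plus one wheel per platform)."""
    entry = pins[name.lower()]
    return any(
        hashlib.new(alg, data).hexdigest() == digest for alg, digest in entry["hashes"]
    )


def rejects_unhashed(text: str) -> bool:
    """Helper for the check below: does the parser refuse an unhashed file?"""
    try:
        parse_hash_pinned_requirements(text)
    except ValueError:
        return True
    return False


# Constructed artifacts (hypothetical package `examplepkg`, not a real wheel):
# the bytes a release pipeline published, and the same file with code appended,
# which is what a compromised CI job or a re-published tag would produce.
GOOD_WHEEL = b"PK\x03\x04 constructed stand-in for examplepkg-1.2.3-py3-none-any.whl"
TAMPERED_WHEEL = GOOD_WHEEL + b"\n# injected payload"

GOOD_SHA256 = hashlib.sha256(GOOD_WHEEL).hexdigest()
REQUIREMENTS_TXT = (
    "# constructed example; real files come from `pip-compile --generate-hashes`\n"
    "examplepkg==1.2.3 \\\n"
    f"    --hash=sha256:{GOOD_SHA256}\n"
)

if __name__ == "__main__":
    pins = parse_hash_pinned_requirements(REQUIREMENTS_TXT)
    print("good wheel verifies:", verify_artifact(pins, "examplepkg", GOOD_WHEEL))
    print("tampered wheel verifies:", verify_artifact(pins, "examplepkg", TAMPERED_WHEEL))
    print("unhashed file rejected:", rejects_unhashed("examplepkg==1.2.3\n"))
```

The point for the question above: a version pin is a name the publisher controls; a hash pin is a commitment to bytes. Hash mode costs you a regeneration step on every upgrade and a hash per platform wheel, which is exactly why pip-tools automates it, but it is routinely used in production and it is the only requirements-level control that would have flagged a republished artifact rather than trusting its version string.
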
  • by koromak on 12/14/24, 2:53 PM

    Anyone know of a tool like zizmor for GitLab CI/CD? Pretty confident my setup is unsafe after reading through this.

    Honestly safety in CI/CD seems near impossible anyways.

  • by romanows on 12/14/24, 4:17 PM

    So the Python package `ultralytics` had their GitHub CI/CD pipeline compromised which allowed an attack to be inserted and then published on PyPI?
  • by Hilift on 12/14/24, 3:07 PM

    Sadly, popular open source projects are vulnerable to this vector. A popular package that is adopted by a large vendor (Redhat/Microsoft) may see a PR from months or a year ago materialize in their product update pipeline. That is too easy to weaponize so that it doesn't manifest until needed or in a different environment.
  • by amelius on 12/14/24, 11:11 PM

    Question. Are there white-hat hackers out there who pen-test the Python ecosystem on a regular basis?
  • by amelius on 12/14/24, 11:15 PM

    > What can you do as a publisher to the Python Package Index?

    Does PyPI rate publishers based on how well they comply with these rules? Can users see which publishers are more reliable than others?

  • by JimmyWilliams1 on 12/14/24, 2:31 PM

    I appreciate PyPI's transparency and the proactive measures to mitigate future risks. Are there plans to further educate developers on secure workflow practices to prevent similar incidents? This seems like a vital area for community collaboration and awareness.