H3-2025-0007
GitHub Actions Hardcoded Container Credentials
| Category | CREDENTIALS |
| Base Score | 6.0 |
Description
Docker registry credentials are sometimes hardcoded in GitHub Actions workflow files, for example as a literal `password:` input to a login action or as a literal value passed to `docker login -p`, so that the job can authenticate to the registry before pulling private images. A workflow file is readable by anyone with read access to the repository (everyone, for a public repository), so the credentials are exposed to malicious users, who can use them directly against the registry without going through GitHub at all.
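As an added example (not part of this advisory and not the scanner's own rule logic), the script below checks workflow text for the pattern described: a literal `password:` input or a literal password handed to `docker login`, as opposed to a value that is resolved at run time from `${{ secrets.* }}` or a shell variable. The two embedded workflows are constructed samples; the first hardcodes the registry token, the second reads it from repository secrets, which is the remediation. The action name `docker/login-action`, the registry `ghcr.io` and the credential values are illustrative assumptions.

```python
import re
from typing import List, Tuple

# Constructed sample: the registry password is a literal in the workflow file.
VULNERABLE_WORKFLOW = """\
name: build
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: deploy-bot
          password: hunter2-example-token
      - run: docker pull ghcr.io/example-org/base:latest
"""

# Constructed sample: same job, credentials resolved from encrypted secrets at run time.
HARDENED_WORKFLOW = """\
name: build
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ secrets.REGISTRY_USER }}
          password: ${{ secrets.REGISTRY_TOKEN }}
      - run: docker pull ghcr.io/example-org/base:latest
"""

# Constructed sample: the same mistake made in plain `run:` steps, plus one safe variant.
RUN_STEP_WORKFLOW = """\
name: pull
on: [push]
jobs:
  pull:
    runs-on: ubuntu-latest
    steps:
      - run: docker login ghcr.io -u deploy-bot -p hunter2-example-token
      - run: echo hunter2-example-token | docker login ghcr.io -u deploy-bot --password-stdin
      - run: echo "${{ secrets.REGISTRY_TOKEN }}" | docker login ghcr.io -u deploy-bot --password-stdin
      - run: docker pull ghcr.io/example-org/base:latest
"""

# A value that is resolved when the job runs rather than baked into the file:
# a GitHub Actions expression (`${{ secrets.X }}`, `${{ github.token }}`, ...) or a shell variable.
_DYNAMIC = re.compile(r"^(\$\{\{.*\}\}|\$\{?[A-Za-z_][A-Za-z0-9_]*\}?)$")
# A single shell/YAML token, allowing double- or single-quoted strings with spaces inside.
_VALUE = r"""(?P<value>"[^"]*"|'[^']*'|\S+)"""
_PASSWORD_KEY = re.compile(r"^\s*password:\s*(?P<value>\S.*?)\s*$")
_LOGIN_FLAG = re.compile(r"docker\s+login\b.*?(?:\s-p|\s--password)(?:=|\s+)" + _VALUE)
_LOGIN_STDIN = re.compile(r"echo\s+" + _VALUE + r"\s*\|\s*docker\s+login\b.*--password-stdin")


def _is_literal(value: str) -> bool:
    """True when the value is a fixed string rather than an expression or variable."""
    return not _DYNAMIC.match(value.strip().strip("'\""))


def find_hardcoded_registry_credentials(workflow_text: str) -> List[Tuple[int, str]]:
    """Return (line number, reason) for every registry credential written as a literal."""
    findings: List[Tuple[int, str]] = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = _PASSWORD_KEY.match(line)
        if m and _is_literal(m.group("value")):
            findings.append((lineno, "literal 'password:' input"))
            continue
        if "docker login" not in line:
            continue
        m = _LOGIN_FLAG.search(line)
        if m and _is_literal(m.group("value")):
            findings.append((lineno, "literal password passed to 'docker login -p/--password'"))
            continue
        m = _LOGIN_STDIN.search(line)
        if m and _is_literal(m.group("value")):
            findings.append((lineno, "literal password echoed into 'docker login --password-stdin'"))
    return findings


if __name__ == "__main__":
    for name, text in [("vulnerable", VULNERABLE_WORKFLOW),
                       ("hardened", HARDENED_WORKFLOW),
                       ("run-steps", RUN_STEP_WORKFLOW)]:
        for lineno, reason in find_hardcoded_registry_credentials(text):
            print(f"{name}:{lineno}: {reason}")
```

The check is deliberately line-based so it needs no YAML library and also catches the `run:` step variants; it treats any `${{ ... }}` expression or shell variable as non-literal, so a token stored in an `env:` block as a literal would need a separate check on that block.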
Impact
An attacker who obtains the exposed credentials can authenticate to the Docker registry with the permissions of that account: pull any private images it can read and, if the account has write access, push or overwrite images that downstream workflows and deployments later pull.