Hello, I'm

Barak Haryati

Senior Director of Product Security at 🐸 JFrog

"Securing innovation through innovative security."

Security evangelist, vulnerability researcher, and active contributor to the open-source security community. I lead product security initiatives that protect millions of developers and enterprises worldwide — from discovering multiple critical CVEs in major open-source projects to building secure platforms, guardrails, and security tools such as RepoHunter.

Application Security, Cloud Security, CI/CD & Supply Chain, AI Security, Vulnerability Research

🛠️ Tools

RepoHunter — AI-powered CI/CD security research tool

RepoHunter is an AI-powered security research tool built to identify exploitable CI/CD workflow misconfigurations across open-source repositories. It specializes in detecting dangerous CI/CD patterns in GitHub Actions workflows — including pull_request_target, workflow_run, issue_comment, unsafe artifact consumption, script injection via untrusted context variables, and other risky implementations where untrusted input intersects with elevated permissions, secrets access, or write tokens — enabling Pwn Request (pwn_request) style attacks.

RepoHunter was used to discover and prevent Shai-Hulud 3 (Shai_Hulud) style CI/CD supply chain attacks across widely used open-source projects. Its research focus includes pull_request_target exploitation, workflow_run abuse, repository takeover via GITHUB_TOKEN, secret exfiltration, artifact poisoning, and downstream supply-chain compromise scenarios.
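As an added illustration of the patterns described above (example code written for this page, not RepoHunter's own implementation), the following Python detector flags two of them in a workflow that has already been parsed into a dict, e.g. with yaml.safe_load: a checkout of the PR head under a privileged trigger, and an untrusted context expression interpolated into a run: script. The sample workflow is constructed, and the trigger and expression lists are a deliberately small subset.

```python
import re
from typing import Any

# Triggers that run with the base repo's secrets and writable token on untrusted event content.
PRIVILEGED_TRIGGERS = {"pull_request_target", "workflow_run", "issue_comment"}
# Context values an outsider controls; interpolating them into `run:` is script injection.
UNTRUSTED_EXPR = re.compile(
    r"\$\{\{\s*github\.(?:event\.(?:pull_request\.(?:title|body|head\.(?:ref|label))"
    r"|issue\.(?:title|body)|comment\.body|workflow_run\.head_branch)|head_ref)\s*\}\}")
# Checkout refs pointing at the PR head: the fork's code then runs with the repo's secrets.
HEAD_REF = re.compile(r"github\.(?:event\.pull_request\.head\.(?:sha|ref)|head_ref)")


def _triggers(workflow: dict[str, Any]) -> set[str]:
    on = workflow.get("on", workflow.get(True))  # PyYAML parses a bare `on:` key as True
    if isinstance(on, str):
        return {on}
    return set(on or [])  # list of event names, or a dict keyed by event name


def find_pwn_request_patterns(workflow: dict[str, Any]) -> list[dict[str, str]]:
    """Flag Pwn Request / script-injection patterns in an already-parsed workflow dict."""
    risky = _triggers(workflow) & PRIVILEGED_TRIGGERS
    findings: list[dict[str, str]] = []
    if not risky:  # plain pull_request from a fork gets a read-only token and no secrets
        return findings
    for job_name, job in (workflow.get("jobs") or {}).items():
        for idx, step in enumerate(job.get("steps") or []):
            ref = str((step.get("with") or {}).get("ref", ""))
            if str(step.get("uses", "")).startswith("actions/checkout") and HEAD_REF.search(ref):
                findings.append({"job": job_name, "step": str(idx), "kind": "untrusted-checkout",
                                 "detail": f"{'/'.join(sorted(risky))} checks out {ref}"})
            m = UNTRUSTED_EXPR.search(str(step.get("run", "")))
            if m:  # safe form: pass the value via env: and reference it as a quoted "$VAR"
                findings.append({"job": job_name, "step": str(idx), "kind": "script-injection",
                                 "detail": f"{m.group(0)} interpolated into run:"})
    return findings


# Constructed sample with the vulnerable shape (not taken from any real project).
SAMPLE_WORKFLOW: dict[str, Any] = {
    "on": {"pull_request_target": {"types": ["opened", "synchronize"]}},
    "jobs": {"build": {"runs-on": "ubuntu-latest", "steps": [
        {"uses": "actions/checkout@v4", "with": {"ref": "${{ github.event.pull_request.head.sha }}"}},
        {"run": "npm ci && npm test", "env": {"NPM_TOKEN": "${{ secrets.NPM_TOKEN }}"}},
        {"run": 'echo "PR title: ${{ github.event.pull_request.title }}"'},
    ]}},
}

if __name__ == "__main__":
    for finding in find_pwn_request_patterns(SAMPLE_WORKFLOW):
        print(finding)
```

The second step (secrets passed through env: and never interpolated into the script) produces no finding, which is the shape a remediation should leave behind.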

Built by Barak Haryati at JFrog as part of open-source security research, RepoHunter has been used to responsibly disclose critical RCE and supply chain vulnerabilities in projects such as Ceph, Telepresence, Ansible, QGIS, Parse Server, Xorbits Inference, and others.

Capabilities

  • Detection of unsafe pull_request_target, workflow_run, and issue_comment triggers
  • Pwn Request, script injection, and fork-based exploitation analysis
  • GITHUB_TOKEN permission and secret exposure scanning
  • AI-assisted exploitability validation and triage
  • Supply-chain risk and downstream impact assessment
  • Responsible disclosure support for open-source projects
AI Security Research, CI/CD Supply Chain, GitHub Actions Security, Pwn Request, pull_request_target, Shai-Hulud, Open Source Security, Repository Takeover, Secret Exfiltration

GithubForensicTest is a forensic security tool that scans GitHub Pull Request diffs at scale to detect secrets, credentials, vulnerabilities, and malicious code injections. It is designed for security researchers investigating CI/CD pipeline abuse, pull_request_target exploits, and Pwn Request attack evidence in open-source repositories.

The tool downloads and analyzes PR diffs using powerful regex pattern matching with ripgrep integration for 10-100x faster searching. It supports multi-token rotation for handling GitHub API rate limits, parallel downloads for large repositories, and exports results in JSON and CSV formats for forensic analysis and audit trails.

GithubForensicTest can be used to search for exposed API keys, leaked tokens, hardcoded passwords, eval() and exec() injections, and other suspicious code patterns across thousands of pull requests in any GitHub repository.
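As an added example (not GithubForensicTest's code), this is the core of such a scan in Python: parse a unified PR diff, inspect only the lines the PR adds, and report each pattern hit with its file and new-file line number so it can be cited in a forensic report. The rule set and the diff are constructed for the example; fetching diffs from the GitHub API and the ripgrep acceleration are out of scope.

```python
import re

# Indicator patterns for the categories the text names (keys, hardcoded passwords,
# eval()/exec() injection). Constructed for this example; a real ruleset is far larger.
PATTERNS = {
    "aws-access-key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github-pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "hardcoded-password": re.compile(r"(?i)\b(?:password|passwd)\s*[:=]\s*['\"][^'\"]{6,}"),
    "dynamic-exec": re.compile(r"\b(?:eval|exec)\s*\("),
}
HUNK_HEADER = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


def scan_diff(diff: str) -> list[tuple[str, int, str]]:
    """Return (path, new-file line, rule) for each hit on a line the PR adds; context lines are skipped."""
    findings, path, new_line = [], "", 0
    for raw in diff.splitlines():
        if raw.startswith("+++ "):  # new-file header: "+++ b/<path>"
            path = raw[6:] if raw.startswith("+++ b/") else raw[4:]
        elif raw.startswith(("--- ", "diff --git", "\\")):
            continue  # old-file header, file separator, "\ No newline at end of file"
        elif m := HUNK_HEADER.match(raw):
            new_line = int(m.group(1))  # where this hunk starts in the new file
        elif raw.startswith("+"):
            findings += [(path, new_line, rule) for rule, pat in PATTERNS.items() if pat.search(raw)]
            new_line += 1
        elif raw.startswith(" ") or raw == "":
            new_line += 1  # context line: pre-existing code, counted but never scanned
        # '-' lines exist only in the old file and do not advance new_line
    return findings


# Constructed PR diff (not a real pull request): two hunks touching one file.
SAMPLE_DIFF = """\
diff --git a/deploy.py b/deploy.py
--- a/deploy.py
+++ b/deploy.py
@@ -1,2 +1,4 @@
 import os
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+PASSWORD = "hunter2-prod"
 cfg = load()
@@ -20,3 +22,4 @@ def run():
     token = os.environ["GITHUB_TOKEN"]
+    exec(cfg["hook"])
     legacy_hook = eval(cfg["old"])
     return token
"""

if __name__ == "__main__":
    for hit in scan_diff(SAMPLE_DIFF):
        print(hit)
```

The pre-existing eval() on the context line is deliberately not reported: the tool's question is what this PR introduced, not what the repository already contained.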

Capabilities

  • Regex-based PR diff pattern search at scale
  • Ripgrep integration for 10-100x faster scanning
  • Parallel downloads with multi-token rotation
  • Secret, credential, and API key detection
  • Malicious code injection pattern matching
  • JSON and CSV export with full audit logging
Forensics, Secret Detection, PR Analysis, Vulnerability Research, CI/CD Forensics, Supply Chain, Open Source, Python

OpenSSL FIPS Builder automates the setup and compilation process for building an OpenSSL application with FIPS (Federal Information Processing Standards) provider support inside a Docker environment. It compiles the FIPS module, configures OpenSSL to work in FIPS mode, and installs it on a separate Debian container.

Designed for teams that need FIPS-compliant cryptographic operations in containerized environments, the tool supports configurable OpenSSL and FIPS module versions and produces isolated, production-ready containers with validated cryptographic providers.

Capabilities

  • Automated FIPS module compilation and extraction
  • Configurable OpenSSL and FIPS versions
  • Docker-based isolated build environment
  • FIPS-mode OpenSSL configuration
  • Production-ready Debian container output
  • Compliance with federal cryptographic standards
Cryptography, FIPS, Docker, OpenSSL, Compliance, Shell

OpenSCAP Scanner provides a containerized solution for running OpenSCAP security scans on Red Hat Enterprise Linux 9 (UBI9) containers. It automates the full workflow — building the Docker image, running the scan with the STIG profile, and exporting human-readable HTML reports and detailed XML results.

The tool automatically fetches the latest SCAP Security Guide content from ComplianceAsCode, ensuring scans always use the most up-to-date security benchmarks. It can be integrated into CI/CD pipelines or scheduled via cron for continuous compliance monitoring.

Capabilities

  • Automated STIG profile security scanning
  • Docker-based isolated scan environment
  • HTML report and XML results export
  • Auto-fetches latest SCAP Security Guide
  • CI/CD and cron integration ready
  • Timestamped scan output organization
Compliance, STIG, Docker, OpenSCAP, RHEL UBI9, Open Source