GitHub Actions’ job-level permission model is overly coarse-grained, violating the principle of least privilege and exacerbating software supply chain security risks. To address this, we propose the first step-level runtime permission enforcement mechanism: a transparent proxy intercepts resource access requests from JavaScript and composite actions, integrating sandbox hooks, metadata parsing, and a declarative policy engine to enable dynamic, workflow-definition–agnostic permission validation and enforcement. Our approach bypasses GitHub’s native permission constraints without requiring workflow modifications. Evaluated on 500 real-world workflows, it achieves coverage over 52.7% of protectable jobs and empirically mitigates ten representative privilege-abuse attack patterns. The average overhead is only 3.67 seconds (+55%), demonstrating strong compatibility and practicality for production deployment.

Modern software projects use automated CI/CD pipelines to streamline their development, build, and deployment processes. GitHub Actions is a popular CI/CD platform that enables project maintainers to create custom workflows -- collections of jobs composed of sequential steps -- using reusable components known as actions. Wary of the security risks introduced by fully-privileged actions, GitHub provides a job-level permission model for controlling workflow access to repository resources. Unfortunately, this model is too coarse-grained to reduce the attack surface pertaining to permission misuse attacks: All actions within a job share the same permissions granted to the job. This violates the principle of least privilege and can lead to broader software supply chain attacks, whenever a compromised action exploits the granted permissions to compromise the repository resources. In this paper, we present Granite, a runtime proxy-based system that enforces fine-grained permissions for GitHub Actions at the step-level granularity within a job. Granite transparently monitors requests made by JavaScript and composite actions during workflow execution and checks them against predefined step-level policies at runtime. We evaluate Granite in terms of compatibility, security, and performance overhead using a dataset of 500 workflows comprising 12,916 jobs from the most-starred GitHub repositories that use GitHub Actions. Our analysis reveals that 52.7% of the jobs can be protected by Granite against permission misuse attacks. We evaluate Granite on 20 top-starred repositories (63 actions, 58 workflows), validate attack prevention using 10 permission misuse attacks across 42 overprivileged jobs, and measure an average overhead of 55% (3.67 seconds) per job, concluding that Granite effectively reduces CI/CD attack surfaces.