{"profiles":[{"schema_version":"0.1","run":{"profile_id":"019e18e7-1241-779c-b13d-e50ce3ffbc33","run_id":"25697800810","repository":"jadoonf/npm-analysis-feed","github_web_origin":"https://github.com","workflow":"Garnet: TanStack Matrix","job":"profile-version","runner_os":"Linux","runner_arch":"X64","actor":"jadoonf","start_time":"2026-05-11T21:17:37.204048Z","end_time":"2026-05-11T21:17:37.204048Z","commit_sha":"d4ea87aa3b8baa22aeebe616bc96eea5cad8259c","ref":"refs/heads/main","agent_id":"81924773-edc5-4858-8740-eb4186839337"},"egress":{"unique_domains":[{"domain":"registry.npmjs.org","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","node"],"status":"ok","reason":null,"event_ids":[],"detections":["exec_from_unusual_dir","flow"],"protocol":"TCP","remote_address":"104.16.2.34","result":"attention","remote_geo_info":{"latitude":43.6532,"longitude":-79.3832,"continent":"North America","continent_code":"NA","country":"Canada","country_code":"CA","region":"ON","region_name":"Ontario","city":"Toronto","isp":"Cloudflare, Inc.","org":"Cloudflare, Inc.","asname":"CLOUDFLARENET"},"process_detail":"node /opt/hostedtoolcache/node/20.20.2/x64/bin/npm view @tanstack/react-router@1.169.8 --json"},{"domain":"registry.npmjs.org","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","node","node"],"status":"ok","reason":null,"event_ids":[],"detections":["exec_from_unusual_dir","flow"],"protocol":"TCP","remote_address":"104.16.6.34","result":"attention","remote_geo_info":{"latitude":43.6532,"longitude":-79.3832,"continent":"North America","continent_code":"NA","country":"Canada","country_code":"CA","region":"ON","region_name":"Ontario","city":"Toronto","isp":"Cloudflare, Inc.","org":"Cloudflare, Inc.","asname":"CLOUDFLARENET"},"process_detail":"/opt/hostedtoolcache/node/20.20.2/x64/bin/node /opt/hostedtoolcache/node/20.20.2/x64/lib/node_modules/npm/bin/npm-cli.js install --force --cache=/home/runner/.npm --prefer-offline=false --prefer-online=false --offline=false --no-progress --no-save --no-audit --include=dev --include=peer --include=optional --no-package-lock-only --no-dry-run"},{"domain":"git-tanstack.com","process":"bun.exe","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","node","node","dash","bun.exe"],"status":"ok","reason":null,"event_ids":[],"detections":["credentials_files_access","flow","hidden_elf_exec"],"protocol":"TCP","remote_address":"104.21.17.177","result":"attention","remote_geo_info":{"latitude":43.6532,"longitude":-79.3832,"continent":"North America","continent_code":"NA","country":"Canada","country_code":"CA","region":"ON","region_name":"Ontario","city":"Toronto","isp":"Cloudflare, Inc.","org":"Cloudflare, Inc.","asname":"CLOUDFLARENET"},"process_detail":"bun run tanstack_runner.js"},{"domain":"localhost","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","node"],"status":"ok","reason":null,"event_ids":[],"detections":["credentials_files_access","exec_from_unusual_dir","flow","hidden_elf_exec","interpreter_shell_spawn"],"protocol":"UDP","remote_address":"127.0.0.53","result":"attention","process_detail":"node /opt/hostedtoolcache/node/20.20.2/x64/bin/npm view @tanstack/react-router@1.169.8 --json"},{"domain":"localhost","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","node","node"],"status":"ok","reason":null,"event_ids":[],"detections":["credentials_files_access","exec_from_unusual_dir","flow","hidden_elf_exec","interpreter_shell_spawn"],"protocol":"UDP","remote_address":"127.0.0.53","result":"attention","process_detail":"/opt/hostedtoolcache/node/20.20.2/x64/bin/node /opt/hostedtoolcache/node/20.20.2/x64/lib/node_modules/npm/bin/npm-cli.js install --force --cache=/home/runner/.npm --prefer-offline=false --prefer-online=false --offline=false --no-progress --no-save --no-audit --include=dev --include=peer --include=optional --no-package-lock-only --no-dry-run"},{"domain":"localhost","process":"bun.exe","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","node","node","dash","bun.exe"],"status":"ok","reason":null,"event_ids":[],"detections":["credentials_files_access","exec_from_unusual_dir","flow","hidden_elf_exec","interpreter_shell_spawn"],"protocol":"UDP","remote_address":"127.0.0.53","result":"attention","process_detail":"bun run tanstack_runner.js"},{"domain":"localhost","process":"provjobd727474835","ancestry":["systemd","hosted-compute-agent","sudo","provjobd727474835"],"status":"ok","reason":null,"event_ids":[],"detections":["credentials_files_access","exec_from_unusual_dir","flow","hidden_elf_exec","interpreter_shell_spawn"],"protocol":"UDP","remote_address":"127.0.0.53","result":"attention","process_detail":"/tmp/provjobd727474835"},{"domain":"localhost","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["credentials_files_access","exec_from_unusual_dir","flow","hidden_elf_exec","interpreter_shell_spawn"],"protocol":"UDP","remote_address":"127.0.0.53","result":"attention","process_detail":"/home/runner/actions-runner/cached/2.334.0/externals/node20/bin/node /home/runner/work/_actions/actions/upload-artifact/v4/dist/upload/index.js"},{"domain":"codeload.github.com","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","node"],"status":"ok","reason":null,"event_ids":[],"detections":["flow"],"protocol":"TCP","remote_address":"140.82.112.10","result":"pass","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"},"process_detail":"node /opt/hostedtoolcache/node/20.20.2/x64/bin/npm install @tanstack/react-router@1.169.8 --no-save --no-package-lock --loglevel verbose"},{"domain":"glb-2a3c35-public-internal.githubapp.com","process":"provjobd727474835","ancestry":["systemd","hosted-compute-agent","sudo","provjobd727474835"],"status":"ok","reason":null,"event_ids":[],"detections":["flow"],"protocol":"TCP","remote_address":"140.82.112.24","result":"pass","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"},"process_detail":"/tmp/provjobd727474835"},{"domain":"hosted-compute-watchdog-prod-iad-01.githubapp","process":"provjobd727474835","ancestry":["systemd","hosted-compute-agent","sudo","provjobd727474835"],"status":"ok","reason":null,"event_ids":[],"detections":["flow"],"protocol":"TCP","remote_address":"140.82.112.24","result":"pass","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"},"process_detail":"/tmp/provjobd727474835"},{"domain":"glb-db52c2cf8be544.github.com","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["interpreter_shell_spawn"],"protocol":"TCP","remote_address":"140.82.113.21","result":"attention","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"},"process_detail":"/home/runner/actions-runner/cached/2.334.0/externals/node20/bin/node /home/runner/work/_actions/actions/upload-artifact/v4/dist/upload/index.js"},{"domain":"results-receiver.actions.githubusercontent","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["interpreter_shell_spawn"],"protocol":"TCP","remote_address":"140.82.113.21","result":"attention","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"},"process_detail":"/home/runner/actions-runner/cached/2.334.0/externals/node20/bin/node /home/runner/work/_actions/actions/upload-artifact/v4/dist/upload/index.js"},{"domain":"api.github.com","process":"bun.exe","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","node","node","dash","bun.exe"],"status":"ok","reason":null,"event_ids":[],"detections":["credentials_files_access","flow","hidden_elf_exec"],"protocol":"TCP","remote_address":"140.82.113.5","result":"attention","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"},"process_detail":"bun run tanstack_runner.js"},{"domain":"140.82.114.23","process":"hosted-compute-agent","ancestry":["systemd","hosted-compute-agent"],"status":"ok","reason":null,"event_ids":[],"detections":["flow"],"protocol":"TCP","remote_address":"140.82.114.23","result":"pass","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"},"process_detail":"/opt/hca/hosted-compute-agent"},{"domain":"140.82.114.24","process":"hosted-compute-agent","ancestry":["systemd","hosted-compute-agent"],"status":"ok","reason":null,"event_ids":[],"detections":["flow"],"protocol":"TCP","remote_address":"140.82.114.24","result":"pass","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"},"process_detail":"/opt/hca/hosted-compute-agent"},{"domain":"169.254.169.254","process":"bun.exe","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","node","node","dash","bun.exe"],"status":"ok","reason":null,"event_ids":[],"detections":["credentials_files_access","hidden_elf_exec"],"protocol":"TCP","remote_address":"169.254.169.254","result":"attention","process_detail":"bun run tanstack_runner.js"},{"domain":"blob.bn9prdstrz04a.store.core.windows.net","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["interpreter_shell_spawn"],"protocol":"TCP","remote_address":"52.239.172.36","result":"attention","remote_geo_info":{"latitude":36.677696,"longitude":-78.37471,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"VA","region_name":"Virginia","city":"Boydton","isp":"Microsoft Corporation","org":"Microsoft Azure Cloud - Storage (eastus2)","asname":"MICROSOFT-CORP-MSN-AS-BLOCK"},"process_detail":"/home/runner/actions-runner/cached/2.334.0/externals/node20/bin/node /home/runner/work/_actions/actions/upload-artifact/v4/dist/upload/index.js"},{"domain":"blob.bn9prdstrz04a.trafficmanager.net","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["interpreter_shell_spawn"],"protocol":"TCP","remote_address":"52.239.172.36","result":"attention","remote_geo_info":{"latitude":36.677696,"longitude":-78.37471,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"VA","region_name":"Virginia","city":"Boydton","isp":"Microsoft Corporation","org":"Microsoft Azure Cloud - Storage (eastus2)","asname":"MICROSOFT-CORP-MSN-AS-BLOCK"},"process_detail":"/home/runner/actions-runner/cached/2.334.0/externals/node20/bin/node /home/runner/work/_actions/actions/upload-artifact/v4/dist/upload/index.js"},{"domain":"productionresultssa17.blob.core.windows","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["interpreter_shell_spawn"],"protocol":"TCP","remote_address":"52.239.172.36","result":"attention","remote_geo_info":{"latitude":36.677696,"longitude":-78.37471,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"VA","region_name":"Virginia","city":"Boydton","isp":"Microsoft Corporation","org":"Microsoft Azure Cloud - Storage (eastus2)","asname":"MICROSOFT-CORP-MSN-AS-BLOCK"},"process_detail":"/home/runner/actions-runner/cached/2.334.0/externals/node20/bin/node /home/runner/work/_actions/actions/upload-artifact/v4/dist/upload/index.js"}],"total_domains":15,"flagged_domains":0},"assertions":[{"id":"no_bad_egress_domain","result":"PASS","details":"No domains matched known bad lists","evidence":[],"assertion_id":"no_bad_egress_domain","class":"Network Egress","class_id":"Network Egress"},{"id":"no_binary_execution_and_deletion","result":"PASS","details":"","evidence":[],"assertion_id":"no_binary_execution_and_deletion","class":"Stealth","class_id":"Stealth"},{"id":"no_code_injection_via_proc_memory","result":"FAIL","details":"Code modification through procfs","evidence":[{"timestamp":"2026-05-11T21:17:36.404092053Z","event_type":"code_modification_through_procfs","domain":"","remote_address":"","process":"python3.10","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","node","node","dash","bun.exe","dash","sudo","python3.10"],"event_id":"","processArgs":"python3"},{"timestamp":"2026-05-11T21:17:36.404092053Z","event_type":"code_modification_through_procfs","domain":"","remote_address":"","process":"python3.10","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","node","node","dash","bun.exe","dash","sudo","python3.10"],"event_id":"","processArgs":"python3"}],"assertion_id":"no_code_injection_via_proc_memory","class":"Privilege Escalation","class_id":"Privilege Escalation","detections":[{"class_id":"Privilege Escalation","assertion_id":"no_code_injection_via_proc_memory","result":"fail","metadata":{"kind":"code_modification_through_procfs","name":"code_modification_through_procfs_0","format":"file_access","version":"1.0","description":"Code modification through procfs","tactic":"privilege_escalation","technique":"process_injection","subtechnique":"proc_memory","importance":"high","documentation":"https://jibril.garnet.ai/detections/file-access/code_modification_through_procfs"},"score":{"source":"jibril","severity":75,"severity_level":"high","confidence":0.99,"risk_score":74.25},"proc_trees":[{"pid":2132,"process":"python3.10","executable":"/usr/bin/python3.10","arguments":"python3","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","node","node","dash","bun.exe","dash","sudo","python3.10"]},{"pid":2184,"process":"python3.10","executable":"/usr/bin/python3.10","arguments":"python3","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","node","node","dash","bun.exe","dash","sudo","python3.10"]}]}]}],"telemetry":{"total_events":17,"total_connections":15,"unique_domains":12},"score":{"source":"jibril","severity":75,"severity_level":"high","confidence":1},"profile_detections":[{"class_id":"Privilege Escalation","digested_detections":[{"class_id":"Privilege Escalation","assertion_id":"no_code_injection_via_proc_memory","result":"fail","metadata":{"kind":"code_modification_through_procfs","name":"code_modification_through_procfs_0","format":"file_access","version":"1.0","description":"Code modification through procfs","tactic":"privilege_escalation","technique":"process_injection","subtechnique":"proc_memory","importance":"high","documentation":"https://jibril.garnet.ai/detections/file-access/code_modification_through_procfs"},"score":{"source":"jibril","severity":75,"severity_level":"high","confidence":0.99,"risk_score":74.25},"proc_trees":[{"pid":2132,"process":"python3.10","executable":"/usr/bin/python3.10","arguments":"python3","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","node","node","dash","bun.exe","dash","sudo","python3.10"]},{"pid":2184,"process":"python3.10","executable":"/usr/bin/python3.10","arguments":"python3","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","node","node","dash","bun.exe","dash","sudo","python3.10"]}]}]}],"workload_identity":null,"filesystem":null,"execution":null}],"count":1,"profile":{"schema_version":"0.1","run":{"profile_id":"019e18e7-1241-779c-b13d-e50ce3ffbc33","run_id":"25697800810","repository":"jadoonf/npm-analysis-feed","github_web_origin":"https://github.com","workflow":"Garnet: TanStack Matrix","job":"profile-version","runner_os":"Linux","runner_arch":"X64","actor":"jadoonf","start_time":"2026-05-11T21:17:37.204048Z","end_time":"2026-05-11T21:17:37.204048Z","commit_sha":"d4ea87aa3b8baa22aeebe616bc96eea5cad8259c","ref":"refs/heads/main","agent_id":"81924773-edc5-4858-8740-eb4186839337"},"egress":{"unique_domains":[{"domain":"registry.npmjs.org","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","node"],"status":"ok","reason":null,"event_ids":[],"detections":["exec_from_unusual_dir","flow"],"protocol":"TCP","remote_address":"104.16.2.34","result":"attention","remote_geo_info":{"latitude":43.6532,"longitude":-79.3832,"continent":"North America","continent_code":"NA","country":"Canada","country_code":"CA","region":"ON","region_name":"Ontario","city":"Toronto","isp":"Cloudflare, Inc.","org":"Cloudflare, Inc.","asname":"CLOUDFLARENET"},"process_detail":"node /opt/hostedtoolcache/node/20.20.2/x64/bin/npm view @tanstack/react-router@1.169.8 --json"},{"domain":"registry.npmjs.org","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","node","node"],"status":"ok","reason":null,"event_ids":[],"detections":["exec_from_unusual_dir","flow"],"protocol":"TCP","remote_address":"104.16.6.34","result":"attention","remote_geo_info":{"latitude":43.6532,"longitude":-79.3832,"continent":"North America","continent_code":"NA","country":"Canada","country_code":"CA","region":"ON","region_name":"Ontario","city":"Toronto","isp":"Cloudflare, Inc.","org":"Cloudflare, Inc.","asname":"CLOUDFLARENET"},"process_detail":"/opt/hostedtoolcache/node/20.20.2/x64/bin/node /opt/hostedtoolcache/node/20.20.2/x64/lib/node_modules/npm/bin/npm-cli.js install --force --cache=/home/runner/.npm --prefer-offline=false --prefer-online=false --offline=false --no-progress --no-save --no-audit --include=dev --include=peer --include=optional --no-package-lock-only --no-dry-run"},{"domain":"git-tanstack.com","process":"bun.exe","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","node","node","dash","bun.exe"],"status":"ok","reason":null,"event_ids":[],"detections":["credentials_files_access","flow","hidden_elf_exec"],"protocol":"TCP","remote_address":"104.21.17.177","result":"attention","remote_geo_info":{"latitude":43.6532,"longitude":-79.3832,"continent":"North America","continent_code":"NA","country":"Canada","country_code":"CA","region":"ON","region_name":"Ontario","city":"Toronto","isp":"Cloudflare, Inc.","org":"Cloudflare, Inc.","asname":"CLOUDFLARENET"},"process_detail":"bun run tanstack_runner.js"},{"domain":"localhost","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","node"],"status":"ok","reason":null,"event_ids":[],"detections":["credentials_files_access","exec_from_unusual_dir","flow","hidden_elf_exec","interpreter_shell_spawn"],"protocol":"UDP","remote_address":"127.0.0.53","result":"attention","process_detail":"node /opt/hostedtoolcache/node/20.20.2/x64/bin/npm view @tanstack/react-router@1.169.8 --json"},{"domain":"localhost","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","node","node"],"status":"ok","reason":null,"event_ids":[],"detections":["credentials_files_access","exec_from_unusual_dir","flow","hidden_elf_exec","interpreter_shell_spawn"],"protocol":"UDP","remote_address":"127.0.0.53","result":"attention","process_detail":"/opt/hostedtoolcache/node/20.20.2/x64/bin/node /opt/hostedtoolcache/node/20.20.2/x64/lib/node_modules/npm/bin/npm-cli.js install --force --cache=/home/runner/.npm --prefer-offline=false --prefer-online=false --offline=false --no-progress --no-save --no-audit --include=dev --include=peer --include=optional --no-package-lock-only --no-dry-run"},{"domain":"localhost","process":"bun.exe","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","node","node","dash","bun.exe"],"status":"ok","reason":null,"event_ids":[],"detections":["credentials_files_access","exec_from_unusual_dir","flow","hidden_elf_exec","interpreter_shell_spawn"],"protocol":"UDP","remote_address":"127.0.0.53","result":"attention","process_detail":"bun run tanstack_runner.js"},{"domain":"localhost","process":"provjobd727474835","ancestry":["systemd","hosted-compute-agent","sudo","provjobd727474835"],"status":"ok","reason":null,"event_ids":[],"detections":["credentials_files_access","exec_from_unusual_dir","flow","hidden_elf_exec","interpreter_shell_spawn"],"protocol":"UDP","remote_address":"127.0.0.53","result":"attention","process_detail":"/tmp/provjobd727474835"},{"domain":"localhost","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["credentials_files_access","exec_from_unusual_dir","flow","hidden_elf_exec","interpreter_shell_spawn"],"protocol":"UDP","remote_address":"127.0.0.53","result":"attention","process_detail":"/home/runner/actions-runner/cached/2.334.0/externals/node20/bin/node /home/runner/work/_actions/actions/upload-artifact/v4/dist/upload/index.js"},{"domain":"codeload.github.com","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","node"],"status":"ok","reason":null,"event_ids":[],"detections":["flow"],"protocol":"TCP","remote_address":"140.82.112.10","result":"pass","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"},"process_detail":"node /opt/hostedtoolcache/node/20.20.2/x64/bin/npm install @tanstack/react-router@1.169.8 --no-save --no-package-lock --loglevel verbose"},{"domain":"glb-2a3c35-public-internal.githubapp.com","process":"provjobd727474835","ancestry":["systemd","hosted-compute-agent","sudo","provjobd727474835"],"status":"ok","reason":null,"event_ids":[],"detections":["flow"],"protocol":"TCP","remote_address":"140.82.112.24","result":"pass","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"},"process_detail":"/tmp/provjobd727474835"},{"domain":"hosted-compute-watchdog-prod-iad-01.githubapp","process":"provjobd727474835","ancestry":["systemd","hosted-compute-agent","sudo","provjobd727474835"],"status":"ok","reason":null,"event_ids":[],"detections":["flow"],"protocol":"TCP","remote_address":"140.82.112.24","result":"pass","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"},"process_detail":"/tmp/provjobd727474835"},{"domain":"glb-db52c2cf8be544.github.com","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["interpreter_shell_spawn"],"protocol":"TCP","remote_address":"140.82.113.21","result":"attention","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"},"process_detail":"/home/runner/actions-runner/cached/2.334.0/externals/node20/bin/node /home/runner/work/_actions/actions/upload-artifact/v4/dist/upload/index.js"},{"domain":"results-receiver.actions.githubusercontent","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["interpreter_shell_spawn"],"protocol":"TCP","remote_address":"140.82.113.21","result":"attention","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"},"process_detail":"/home/runner/actions-runner/cached/2.334.0/externals/node20/bin/node /home/runner/work/_actions/actions/upload-artifact/v4/dist/upload/index.js"},{"domain":"api.github.com","process":"bun.exe","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","node","node","dash","bun.exe"],"status":"ok","reason":null,"event_ids":[],"detections":["credentials_files_access","flow","hidden_elf_exec"],"protocol":"TCP","remote_address":"140.82.113.5","result":"attention","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"},"process_detail":"bun run tanstack_runner.js"},{"domain":"140.82.114.23","process":"hosted-compute-agent","ancestry":["systemd","hosted-compute-agent"],"status":"ok","reason":null,"event_ids":[],"detections":["flow"],"protocol":"TCP","remote_address":"140.82.114.23","result":"pass","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"},"process_detail":"/opt/hca/hosted-compute-agent"},{"domain":"140.82.114.24","process":"hosted-compute-agent","ancestry":["systemd","hosted-compute-agent"],"status":"ok","reason":null,"event_ids":[],"detections":["flow"],"protocol":"TCP","remote_address":"140.82.114.24","result":"pass","remote_geo_info":{"latitude":37.7823,"longitude":-122.391,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"CA","region_name":"California","city":"San Francisco","isp":"GitHub, Inc.","org":"GitHub, Inc.","asname":"GITHUB"},"process_detail":"/opt/hca/hosted-compute-agent"},{"domain":"169.254.169.254","process":"bun.exe","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","node","node","dash","bun.exe"],"status":"ok","reason":null,"event_ids":[],"detections":["credentials_files_access","hidden_elf_exec"],"protocol":"TCP","remote_address":"169.254.169.254","result":"attention","process_detail":"bun run tanstack_runner.js"},{"domain":"blob.bn9prdstrz04a.store.core.windows.net","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["interpreter_shell_spawn"],"protocol":"TCP","remote_address":"52.239.172.36","result":"attention","remote_geo_info":{"latitude":36.677696,"longitude":-78.37471,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"VA","region_name":"Virginia","city":"Boydton","isp":"Microsoft Corporation","org":"Microsoft Azure Cloud - Storage (eastus2)","asname":"MICROSOFT-CORP-MSN-AS-BLOCK"},"process_detail":"/home/runner/actions-runner/cached/2.334.0/externals/node20/bin/node /home/runner/work/_actions/actions/upload-artifact/v4/dist/upload/index.js"},{"domain":"blob.bn9prdstrz04a.trafficmanager.net","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["interpreter_shell_spawn"],"protocol":"TCP","remote_address":"52.239.172.36","result":"attention","remote_geo_info":{"latitude":36.677696,"longitude":-78.37471,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"VA","region_name":"Virginia","city":"Boydton","isp":"Microsoft Corporation","org":"Microsoft Azure Cloud - Storage (eastus2)","asname":"MICROSOFT-CORP-MSN-AS-BLOCK"},"process_detail":"/home/runner/actions-runner/cached/2.334.0/externals/node20/bin/node /home/runner/work/_actions/actions/upload-artifact/v4/dist/upload/index.js"},{"domain":"productionresultssa17.blob.core.windows","process":"node","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","node"],"status":"ok","reason":null,"event_ids":[],"detections":["interpreter_shell_spawn"],"protocol":"TCP","remote_address":"52.239.172.36","result":"attention","remote_geo_info":{"latitude":36.677696,"longitude":-78.37471,"continent":"North America","continent_code":"NA","country":"United States","country_code":"US","region":"VA","region_name":"Virginia","city":"Boydton","isp":"Microsoft Corporation","org":"Microsoft Azure Cloud - Storage (eastus2)","asname":"MICROSOFT-CORP-MSN-AS-BLOCK"},"process_detail":"/home/runner/actions-runner/cached/2.334.0/externals/node20/bin/node /home/runner/work/_actions/actions/upload-artifact/v4/dist/upload/index.js"}],"total_domains":15,"flagged_domains":0},"assertions":[{"id":"no_bad_egress_domain","result":"PASS","details":"No domains matched known bad lists","evidence":[],"assertion_id":"no_bad_egress_domain","class":"Network Egress","class_id":"Network Egress"},{"id":"no_binary_execution_and_deletion","result":"PASS","details":"","evidence":[],"assertion_id":"no_binary_execution_and_deletion","class":"Stealth","class_id":"Stealth"},{"id":"no_code_injection_via_proc_memory","result":"FAIL","details":"Code modification through procfs","evidence":[{"timestamp":"2026-05-11T21:17:36.404092053Z","event_type":"code_modification_through_procfs","domain":"","remote_address":"","process":"python3.10","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","node","node","dash","bun.exe","dash","sudo","python3.10"],"event_id":"","processArgs":"python3"},{"timestamp":"2026-05-11T21:17:36.404092053Z","event_type":"code_modification_through_procfs","domain":"","remote_address":"","process":"python3.10","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","node","node","dash","bun.exe","dash","sudo","python3.10"],"event_id":"","processArgs":"python3"}],"assertion_id":"no_code_injection_via_proc_memory","class":"Privilege Escalation","class_id":"Privilege Escalation","detections":[{"class_id":"Privilege Escalation","assertion_id":"no_code_injection_via_proc_memory","result":"fail","metadata":{"kind":"code_modification_through_procfs","name":"code_modification_through_procfs_0","format":"file_access","version":"1.0","description":"Code modification through procfs","tactic":"privilege_escalation","technique":"process_injection","subtechnique":"proc_memory","importance":"high","documentation":"https://jibril.garnet.ai/detections/file-access/code_modification_through_procfs"},"score":{"source":"jibril","severity":75,"severity_level":"high","confidence":0.99,"risk_score":74.25},"proc_trees":[{"pid":2132,"process":"python3.10","executable":"/usr/bin/python3.10","arguments":"python3","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","node","node","dash","bun.exe","dash","sudo","python3.10"]},{"pid":2184,"process":"python3.10","executable":"/usr/bin/python3.10","arguments":"python3","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","node","node","dash","bun.exe","dash","sudo","python3.10"]}]}]}],"telemetry":{"total_events":17,"total_connections":15,"unique_domains":12},"score":{"source":"jibril","severity":75,"severity_level":"high","confidence":1},"profile_detections":[{"class_id":"Privilege Escalation","digested_detections":[{"class_id":"Privilege Escalation","assertion_id":"no_code_injection_via_proc_memory","result":"fail","metadata":{"kind":"code_modification_through_procfs","name":"code_modification_through_procfs_0","format":"file_access","version":"1.0","description":"Code modification through procfs","tactic":"privilege_escalation","technique":"process_injection","subtechnique":"proc_memory","importance":"high","documentation":"https://jibril.garnet.ai/detections/file-access/code_modification_through_procfs"},"score":{"source":"jibril","severity":75,"severity_level":"high","confidence":0.99,"risk_score":74.25},"proc_trees":[{"pid":2132,"process":"python3.10","executable":"/usr/bin/python3.10","arguments":"python3","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","node","node","dash","bun.exe","dash","sudo","python3.10"]},{"pid":2184,"process":"python3.10","executable":"/usr/bin/python3.10","arguments":"python3","ancestry":["systemd","hosted-compute-agent","Runner.Listener","Runner.Worker","bash","node","node","dash","bun.exe","dash","sudo","python3.10"]}]}]}],"workload_identity":null,"filesystem":null,"execution":null}}