Hare Krishna Rai
Product Security Engineer with a passion for cybersecurity and a drive to excel in various areas, specializing in penetration testing and code reviews.
Hyderābād, India
Hare Krishna Rai is a passionate cybersecurity professional with experience in software supply chain security. Currently serving as a Product Security Engineer at a fintech company, they also co-contribute to the SCAGoat open-source project. With over three years of experience in software supply chain security, their expertise spans code review, penetration testing, and GenAI LLM penetration testing.
Hare is an active speaker, having presented at prestigious events such as DEF CON Demolabs, AppSec Village Arsenal, Black Hat, c0c0n, and Null Hyderabad. Beyond their professional pursuits, they enjoy listening to music, watching sci-fi movies, and reading books for personal growth. Always eager to take on new challenges, Hare is committed to advancing their career in cybersecurity and contributing to the broader infosec community.
Catch the Flow: Securing CI/CD with Flowlyt
In March 2025, a critical supply chain attack struck the popular GitHub Action `tj-actions/changed-files`, used by more than 23,000 repositories. The attacker slipped in a malicious version that silently exfiltrated CI/CD secrets by printing them to workflow logs—everything from Personal Access Tokens to private SSH keys was suddenly at risk. This incident (CVE-2025-30066) revealed just how easy it is for a trusted third-party action to turn into a threat vector, especially when security controls around CI/CD workflows are lacking.
We built Flowlyt as a static analysis and policy-as-code tool that scans GitHub Actions workflows for signs of malicious behavior, hardcoded secrets, and insecure patterns. With support for Open Policy Agent (OPA), it lets security teams define and enforce custom rules that align with their CI/CD security standards.
SCAGoat
SCAGoat is a deliberately vulnerable application designed for performing and learning Software Composition Analysis (SCA). There are many vulnerable web applications available for learning web app pentesting; however, there are not many resources for learning SCA, that is, applications built on vulnerable open source software (OSS).