Many open-source repositories contain privileged GitHub Actions workflows that execute untrusted code and can be triggered by attackers to expose credentials and access tokens, as MITRE and Splunk ...
A recent supply chain attack that compromised the popular tj-actions/changed-files GitHub action has left a trail of digital destruction, affecting 218 GitHub repositories. As investigators dig deeper ...
Community driven content discussing all aspects of software development from DevOps to design patterns. Despite the title of this article, this may not be a ‘Github Actions braindump‘ in the ...
Community driven content discussing all aspects of software development from DevOps to design patterns. Over the past few months I have been helping professionals who were displaced by the AI ...
Risk vector: Package managers like npm, pip, Maven, and Go modules all enable pulling dependencies directly from GitHub repositories instead of official registries. Attack surface: Using mutable ...
Modern software development depends on automation, and GitHub Actions makes it easier than ever to build, test, and deploy ...
The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious ...
Sysdig exposed how a trusted GitHub feature can silently hand control to attackers pull_request_target isn’t just risky, it’s a loaded weapon in the wrong hands Even top-tier security projects like ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback