Many open-source repositories contain privileged GitHub Actions workflows that execute untrusted code and can be triggered by attackers to expose credentials and access tokens, as MITRE and Splunk ...
GitHub Actions, an automated CI/CD platform for GitHub, has been enhanced for enterprise customers, with capabilities including stronger security and GPU-enhanced runners for machine learning. GitHub ...
Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...
Researchers have determined that Coinbase was the primary target in a recent GitHub Actions cascading supply chain attack that compromised secrets in hundreds of repositories. As previously reported, ...
Last Friday Github saw a supply chain attack hidden in a popular Github Action. To understand this, we have to quickly cover Continuous Integration (CI) and Github Actions. CI essentially means ...
Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. This article dives into the happens-before ...
A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The ...
The proof of concept shows it's possible to upload malicious PyTorch releases to GitHub by exploiting insecure misconfigurations in GitHub Actions. A pair of security researchers managed to infiltrate ...
GitHub rolled out several updates this week aimed at developer collaboration, open source security and enterprise billing. At the center is a new public preview of the GitHub Copilot app for Microsoft ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback