Tag: GitHub Actions
-
The second half of software supply chain security on GitHub
Software supply chain security has rocketed into the public consciousness after a major cybersecurity attack against the U.S. federal …
-
Researchers expose GitHub Actions workflows as risky and exploitable
Despite its widespread use, many GitHub Actions workflows remain insecure, often due to excessive privileges or high-risk dependencies. In …
-
Most GitHub Actions workflows are insecure in some way
Most GitHub Actions are susceptible to exploitation; they are overly privileged or have risky dependencies, according to Legit Security. …
-
Introducing Artifact Attestations–now in public beta
There’s an increasing need across enterprises and the open source ecosystem to have a verifiable way to link software artifacts back to …
-
Where does your software (really) come from?
Software is a funny, profound thing: each piece of it is an invisible machine, seemingly made of magic words, designed to run on the …
-
Securing GitHub Actions for a safer DevOps pipeline
GitHub Actions provides a platform for continuous integration and continuous delivery (CI/CD), enabling your build, test, and deployment …
-
Use IAM roles to connect GitHub Actions to actions in AWS
Have you ever wanted to initiate change in an Amazon Web Services (AWS) account after you update a GitHub repository, or deploy updates in …
-
Introducing npm package provenance
Starting today, when you build your npm projects on GitHub Actions, you can publish provenance alongside your package by including the …
-
All the news from GitHub Universe 2022
See what we are building to improve the most integrated developer platform, which allows developers and …
-
PurpleUrchin: GitHub Actions Hijacked for Crypto Mining
The Sysdig Threat Research Team has uncovered an extensive crypto mining operation, PurpleUrchin, which abuses free continuous integration …
-
Why we’re excited about the Sigstore general availability
Sigstore is a powerful new technology for signing, verifying, and protecting software supply chains, and we’re very excited by today’s …
-
Cloud-Based Cryptocurrency mining attacks abuse GitHub Actions and Azure VM
Researchers investigated cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs. Researchers from Trend Micro …