GitHub Actions for Python

GitHub Actions attack renders even security-aware orgs vulnerable

Many open-source repositories contain privileged GitHub Actions workflows that execute untrusted code and can be triggered by attackers to expose credentials and access tokens, as MITRE and Splunk ...

Dark Reading

Artifact Poisoning in GitHub Actions Imports Malware via Software Pipelines

An attacker submitting changes to an open source repository on GitHub could cause downstream software projects that include the latest version of a component to compile updates with malicious code.

InfoWorld

Thousands of open source projects at risk from hack of GitHub Actions tool

App development teams who use a popular utility in the GitHub Actions continuous integration and continuous delivery/deployment (CI/CD) platform need to scrub their code because the tool was ...

TheServerSide

How to publish GitHub Actions artifacts by example

Community driven content discussing all aspects of software development from DevOps to design patterns. Unfortunately, the ephemeral Docker container on which the GitHub Actions artifacts are created ...

TechCrunch

Four years after being acquired by Microsoft, GitHub keeps doing its thing

It’s been four years to the day since Microsoft closed its acquisition of GitHub, which at the time was mostly a code repository. Today’s GitHub looks quite a bit different, now that it added CI/CD ...

Some results have been hidden because they may be inaccessible to you

Show inaccessible results