GitHub Actions is a platform built into GitHub that automates software building, testing, and deployment. GitHub, owned by Microsoft, is a hosting service for software development using Git, an open ...
A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
“We’ve read your posts and heard your feedback,” GitHub said. “We’re postponing the announced billing change for self-hosted GitHub Actions to take time to re-evaluate our approach.” The company said ...
A recent supply chain attack that compromised the popular tj-actions/changed-files GitHub action has left a trail of digital destruction, affecting 218 GitHub repositories. As investigators dig deeper ...
Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...
Researchers discovered malicious activity impacting GitHub and popular WordPress and npm tools that could pose significant supply chain risks. In a new report, Armis Labs highlighted three recently ...
Developers who mistype names and owners of GitHub Actions expose their repositories and accounts to malicious code execution, with significant software supply chain implications, researchers have ...
Many open-source repositories contain privileged GitHub Actions workflows that execute untrusted code and can be triggered by attackers to expose credentials and access tokens, as MITRE and Splunk ...
The tj-actions developers cannot pinpoint exactly how the attackers compromised a GitHub personal access token (PAT) used by a bot to perform malicious code changes. Today, Wiz researchers think they ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback