Close the CI/CD Security Gap. Enhance GitHub Actions Security with StepSecurity Maintained Actions and robust runner runtime security with network egress filtering| www.stepsecurity.io
A supply chain attack on tj-actions/changed-files leaked secrets. Wiz Research found another attack on reviewdog/actions-setup, possibly causing the compromise.| wiz.io
A compromise of the GitHub action tj-actions/changed-files highlights how attackers could exploit vulnerabilities in third-party actions to compromise supply chains.| Unit 42
Yesterday, the tj-actions repository, a popular tool used with GitHub Actions, was compromised (for more background read one of these two articles). Watching the infrastructure and security engineering teams at Carta respond, it highlighted to me just how much LLMs can’t meaningfully replace many essential roles of software professionals. However, I’m also reading Jennifer Pahlka’s Recoding America, which makes an important point: decision-makers can remain irrational longer than you can...| lethain.com