Learn more about best practices for managing secrets in CI/CD pipelines.| Infisical Blog
For a long time, I wanted to have a well-integrated Open-Source CI/CD Pipeline solution for my personal Gitea code hosting. There are many options out there (Drone, Woodpecker, Jenkins, Concourse, Screwdriver, and a lot more), but none of them made my day. Ever since Gitea Actions were announced, I| Tobias Brunner aka tobru
I host my own GitLab CI/CD runners, and find that having coverage on the riscv64 CPU architecture is useful for testing things. The HiFive Premier P550 seems to be a common hardware choice. The P550 is possible to purchase online. You also need a (mini-)ATX chassis, power supply (~500W is more than sufficient), PCI-to-M2 converter and a NVMe storage device. Total cost per machine was around $8k/€8k for me. Assembly was simple: bolt everything, connect ATX power, connect cables for the front-...| Simon Josefsson's blog
North Korea's Lazarus hacker group compromised the Safe wallet frontend and pulled off a 1.4 billion dollar heist. It could happen again, but this time through GitHub.| Adnan Khan
Overview: As teams increasingly rely on automation for code quality and compliance, ensuring consistent coding standards can be challenging during the pull request (PR) process. In this article, we explore how to build an AI-powered style enforcement pipeline using modern tools like GPT-4 and CI/CD workflows. You’ll learn how to: Enforce best practices and team-specific coding guidelines| The Lazy Administrator
In this post, I demonstrate Cacheract, which is an open source proof-of-concept for “Cache Native Malware” that exploits GitHub Actions cache misconfigurations.| Adnan Khan's Blog
Learn the fundamentals of setting up git repositories and CI/CD in BitBucket.| Vuyisile's Blog
I am using GitLab CI/CD pipelines for several upstream projects (libidn, libidn2, gsasl, inetutils, libtasn1, libntlm, …) and a long-time concern for these has been that there is too little testing on GNU Guix. Several attempts have been made, and earlier this year Ludo’ came really close to finishing this. My earlier effort to idempotently rebuild Debian recently led me to think about re-bootstrapping Debian. Since Debian is a binary distribution, it re-uses earlier binary packages when ...| Simon Josefsson's blog
In this post, I cover how I discovered a CI/CD misconfiguration in the Release Drafter GitHub action and demonstrated how it could have directly impacted a Google owned open-source repository (and many more!) that used it by tag instead of SHA.| Adnan Khan's Blog
What if there was a supply chain attack that could provide an attacker with direct access to core infrastructure within thousands of companies worldwide. What if that attack required no social engi…| Adnan Khan's Blog
Explore the limitations of traditional functional testing and learn how Visual AI testing can surpass these to achieve visual perfection in software development.| Automated Visual Testing | Applitools
The client was one of the leading providers of personal financing and insurance services. Due to the rising demand for credit cards and personal financing, the infrastructure supporting these services ...| CloudHedge
GitHub Actions caching has some insecure design decisions that allow for some unique attacks. It’s considered working as intended, but there are many ways it can go wrong. Learn how I identif…| Adnan Khan's Blog
Learn about how I used a custom tool to find a Google-owned repository vulnerable to GitHub Actions Poisoned Pipeline Execution Attack and earned a $7,500 bug bounty!| Adnan Khan's Blog
Web3 has a weakness, and that is CI/CD security. Learn how I responsibly disclosed a Critical vulnerability in Astar Network’s GitHub repository that would have allowed attackers to conduct a…| Adnan Khan's Blog
You can use our new CLI written in Golang to calculate the total number of build minutes you're using across an organisation with GitHub Actions.| Alex Ellis' Blog
I saw an opportunity to fix self-hosted runners for GitHub Actions. Actuated is now in pilot and aims to solve most if not all of the friction.| Alex Ellis' Blog