Security Boulevard

The Future Of GitHub Actions Security And What You Can Do Right Now

GitHub is hardening Actions with deterministic dependencies, scoped secrets, and policy controls. Teams still need immediate ...
Hosted on MSN

GitHub walks back plan to charge for self-hosted runners

“We’ve read your posts and heard your feedback,” GitHub said. “We’re postponing the announced billing change for self-hosted GitHub Actions to take time to re-evaluate our approach.” The company said ...
Security Boulevard

GitHub Actions Supply Chain Attack: Trivy Breach & Workflow

Breakdown of the Trivy GitHub Actions attack, including workflow misconfigurations, token theft, and supply chain exposure.
CSOonline

Researchers demo new CI/CD attack techniques in PyTorch supply-chain

The proof of concept shows it's possible to upload malicious PyTorch releases to GitHub by exploiting insecure misconfigurations in GitHub Actions. A pair of security researchers managed to infiltrate ...