News

Hackaday2y
This Week In Security: GitHub Actions, SHA-1 Retirement, And A Self-Worming Vulnerability
It should be no surprise that running untrusted code in a GitHub Actions workflow can have unintended consequences. It’s a killer feature, to automatically run through a code test suite whenever ...
TheServerSide4y
Full GitHub Actions environment variables list for YAML build workflow scripts example
Here are the 81 environment variables the ubuntu-latest GitHub ... 13 PGUSER=postgres PHPROOT=c:\tools\php POWERSHELL_DISTRIBUTION_CHANNEL=GitHub-Actions-win19 PROCESSOR_ARCHITECTURE=AMD64 ...
InfoQ2mon
Compromised GitHub Action Highlights Risks in CI/CD Supply Chains
By safely duplicating production traffic to a shadow environment, teams can replicate ... Register now. A popular GitHub Action used by thousands of repositories recently compromised those ...
TheServerSide4y
10 best GitHub Actions examples
This example creates a simple YAML file that runs a few BASH commands to help a developer explore the contents of the Ubuntu runtime the GitHub Actions runner uses. DevOps professionals who are new to ...
InfoWorld3mon
Thousands of open source projects at risk from hack of GitHub Actions tool
App development teams who use a popular utility in the GitHub Actions continuous integration and continuous delivery/deployment (CI/CD) platform need to scrub their code because the tool was ...
TechCrunch5y
GitHub gets a built-in IDE with Codespaces, discussion forums and more
The highlight of GitHub’s announcement is surely the launch of GitHub Codespaces, which gives developers a full cloud-hosted development environment ... to that of GitHub Actions, where it ...
Infosecurity-magazine.com2mon
Tj-actions Supply Chain Attack Traced Back to Single GitHub Token Compromise
A recent supply chain attack that compromised the popular tj-actions/changed-files GitHub action has left a trail of digital destruction, affecting 218 GitHub repositories. As investigators dig deeper ...