VentureBeat

GitHub launches Actions to execute code in containers and security alerts for Java and .NET projects

The GitHub code repository, which has been used by 31 million developers around the world in the past year, today announced a sweeping series of changes, including Actions, a new way for developers to ...
CSOonline

GitHub Actions attack renders even security-aware orgs vulnerable

Many open-source repositories contain privileged GitHub Actions workflows that execute untrusted code and can be triggered by attackers to expose credentials and access tokens, as MITRE and Splunk ...
InfoWorld

Use GitHub Actions to deploy code to Azure

There’s a lot more to building modern applications than hitting F5 and building your app. Code is only part of the process. Building an effective CI/CD (continuous ...
Ars Technica

Large enterprises scramble after supply-chain attack spills their secrets

Open source software used by more than 23,000 organizations, some of them in large enterprises, was compromised with credential-stealing code after attackers gained unauthorized access to a maintainer ...
CSOonline

Malicious npm package sneaks into GitHub Actions builds

The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious artifacts under GitHub’s own name. A ...