GitHub Actions Security Landscape - Understanding Vulnerabilities and Mitigations
BSides Budapest IT Security Conference via YouTube
Overview
Explore a conference talk from BSides Budapest IT Security Conference that delves into the security challenges and vulnerabilities within the GitHub Actions CI/CD platform. Learn about critical security pitfalls discovered during research into GitHub Actions workflows, including potential supply-chain risks that can arise from improperly configured implementations. Understand how developers can inadvertently create security vulnerabilities when writing GitHub Actions workflows without deep knowledge of best practices. Follow along as speakers Alex Ilgayev and Ilia Shkolyar share their journey of discovering and disclosing vulnerable workflows in popular open-source tools, examine the GitHub Actions architecture, and present practical mitigations for identified security issues. Master essential knowledge for securing GitHub Actions implementations and protecting CI/CD pipelines from common security mistakes.
Syllabus
BSidesBUD2022: Github Actions Security Landscape
Taught by
BSides Budapest IT Security Conference