Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

The GitHub Actions Worm - Understanding CI/CD Platform Vulnerabilities

DEFCONConference via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Watch a DEF CON 31 conference talk exploring the security vulnerabilities in GitHub Actions and the potential for malicious code propagation. Learn how attackers can exploit the Custom GitHub Actions ecosystem by creating dependency trees and leveraging loose dependencies between actions. Discover the internal workings of GitHub Actions Runner and understand how compromised actions can spread malicious code to dependent projects. Follow along with a proof-of-concept demonstration of a worm spreading through GitHub Actions, and gain insights into defensive strategies against such attacks. Gain valuable cybersecurity knowledge about protecting CI/CD pipelines and understanding the risks associated with third-party actions in the popular GitHub platform.

Syllabus

DEF CON 31 - The GitHub Actions Worm - Asi Greenholts

Taught by

DEFCONConference

Reviews

Start your review of The GitHub Actions Worm - Understanding CI/CD Platform Vulnerabilities

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.