Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Security Risks in Third-Party GitHub Actions - Overlooked Consequences

BSidesLV via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the critical security risks associated with third-party GitHub Actions in this eye-opening conference talk. Delve into an analysis of build logs from top GitHub repositories, uncovering alarming issues related to permissions and build integrity. Learn about the widespread failure to manage build permissions effectively and the potential consequences, including unauthorized access to cloud resources and malware introduction. Examine the concept of "unpinnable actions" and challenge common security practices, such as action pinning. Discover the conditions that render actions unpinnable and gain insights into the surprising percentage of popular actions that fall into this category. Equip yourself with essential knowledge to enhance the security of your CI/CD pipelines and protect your projects from overlooked vulnerabilities in third-party GitHub Actions.

Syllabus

GF - Actions have consequences: The overlooked Security Risks in 3rd party GitHub Actions

Taught by

BSidesLV

Reviews

Start your review of Security Risks in Third-Party GitHub Actions - Overlooked Consequences

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.