all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Automatic Security Assessment of GitHub Actions Workflows. (arXiv:2208.03837v1 [cs.CR])

Add to bookmarks
Aug. 9, 2022, 1:20 a.m. | Giacomo Benedetti, Luca Verderame, Alessio Merlo

cs.CR updates on arXiv.org arxiv.org

The demand for quick and reliable DevOps operations pushed distributors of
repository platforms to implement workflows. Workflows allow automating code
management operations directly on the repository hosting the software. However,
this feature also introduces security issues that directly affect the
repository, its content, and all the software supply chains in which the hosted
code is involved in. Hence, an attack exploiting vulnerable workflows can
affect disruptively large software ecosystems. To empirically assess the
importance of this problem, in this paper, …

actions assessment github github actions security security assessment workflows

Visit resource

More from arxiv.org / cs.CR updates on arXiv.org

Mixtures of Gaussians are Privately Learnable with a Polynomial Number of Samples 1 day, 8 hours ago | arxiv.org
alpha arxiv cs.cr cs.ds +16
Image Hijacks: Adversarial Images can Control Generative Models at Runtime 1 day, 8 hours ago | arxiv.org
adversarial algorithm arxiv can +20
Differentially-Private Data Synthetisation for Efficient Re-Identification Risk Control 1 day, 8 hours ago | arxiv.org
addition arxiv can computational +21
Decoding the MITRE Engenuity ATT&CK Enterprise Evaluation: An Analysis of EDR Performance in Real-World Environments 1 day, 8 hours ago | arxiv.org
analysis and response apt arxiv +27
Okapi: Efficiently Safeguarding Speculative Data Accesses in Sandboxed Environments 1 day, 8 hours ago | arxiv.org
architecture arxiv attacks can +12
Watch Out! Simple Horizontal Class Backdoors Can Trivially Evade Defenses 1 day, 8 hours ago | arxiv.org
activates arxiv attacks backdoor +20
Every Breath You Don't Take: Deepfake Speech Detection Using Breath 1 day, 8 hours ago | arxiv.org
aid arxiv cs.cr cs.mm +16
Perturbing Attention Gives You More Bang for the Buck: Subtle Imaging Perturbations That Efficiently Fool … 1 day, 8 hours ago | arxiv.org
arxiv attention challenges cs.cr +13
Saving proof-of-work by hierarchical block structure 1 day, 8 hours ago | arxiv.org
algorithm arxiv bitcoin block +18

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Cyber Systems Administration

@ Peraton | Washington, DC, United States
View on infosec-jobs.com

Android Security Engineer, Public Sector

@ Google | Reston, VA, USA
View on infosec-jobs.com

Lead Electronic Security Engineer, CPP - Federal Facilities - Hybrid

@ Black & Veatch | Denver, CO, US
View on infosec-jobs.com

Profissional Sênior de Compliance & Validação em TI - Montes Claros (MG)

@ Novo Nordisk | Montes Claros, Minas Gerais, BR
View on infosec-jobs.com

Principal Engineer, Product Security Engineering

@ Google | Sunnyvale, CA, USA
View on infosec-jobs.com
View more jobs