Automatic Security Assessment of GitHub Actions Workflows. (arXiv:2208.03837v1 [cs.CR])
cs.CR updates on arXiv.org arxiv.org
The demand for quick and reliable DevOps operations pushed distributors of
repository platforms to implement workflows. Workflows allow automating code
management operations directly on the repository hosting the software. However,
this feature also introduces security issues that directly affect the
repository, its content, and all the software supply chains in which the hosted
code is involved. Hence, an attack exploiting vulnerable workflows can
disruptively affect large software ecosystems. To empirically assess the
importance of this problem, in this paper, …