Cycode Discovers a Supply Chain Vulnerability in Bazel
Executive Summary

The Cycode Research Team discovered a software supply chain vulnerability in one of Google’s flagship open source products, Bazel. We found that a GitHub Actions workflow could have been injected with malicious code due to a command injection vulnerability in one of Bazel’s dependent Actions. This vulnerability directly impacts the software supply ...
The post Cycode Discovers a Supply Chain Vulnerability in Bazel appeared first on Cycode.