Feb. 2, 2024, 11:01 p.m. | Stephen Weigand

SC Magazine feed for Strategy www.scmagazine.com

A GitHub Actions workflow could have been used for a command injection vulnerability in Bazel, which had the potential for threat actors to add malicious code into the production environment for projects using the Google open-source product.

actions bug code command command injection devsecops environment github github actions google injection malicious product production projects supply supply chain testing testing tool third-party-code threat threat actors tool vulnerability

Director of the Air Force Cyber Technical Center of Excellence (CyTCoE)

@ Air Force Institute of Technology | Dayton, OH, USA

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

Senior Cybersecurity Engineer

@ Hitachi | (STS) Perth - Belmont

Cyber Security Expert (W/M)

@ Worldline | Seclin - 59, Nord, France

Senior CISO

@ Alter Solutions | Madrid, Spain

IT Security Specialist

@ BDO | Eindhoven, Netherlands