Secure GitHub Actions by pull_request_target
DEV Community dev.to
In this post, I describe how to build secure GitHub Actions workflows by using the pull_request_target event instead of the pull_request event.
This post is based on my post written in Japanese: "pull_request_target で GitHub Actions の改竄を防ぐ" ("Preventing tampering with GitHub Actions using pull_request_target").
GitHub Actions is one of the most popular CI platforms.
GitHub Actions is powerful, but it has a security concern: workflow files (.github/workflows/*.yaml) can be tampered with, and malicious code can then be executed with the secrets and permissions available in CI.
To solve the issue, I propose using GitHub …