Unit 42 researchers uncover critical GitHub Actions vulnerability

A new attack vector that could compromise GitHub repositories has been uncovered by researchers at Palo Alto Networks' Unit 42 team. The vulnerability, which exploits GitHub Actions artifacts generated during CI/CD workflows, could potentially grant high-level access to cloud environments.

The researchers found that a combination of misconfigurations and security flaws can cause artifacts to leak tokens, including those for third-party cloud services and GitHub itself. These...

15 August 2024 | Developer

GitHub now sends Dependabot alerts for vulnerable Actions

GitHub has announced that it will begin sending Dependabot alerts when it detects vulnerable GitHub Actions.

GitHub Actions makes it easy for developers to automate their workflows. Dependabot, meanwhile, automatically updates dependencies to keep your projects secure.

When an Action vulnerability is discovered, GitHub’s team of security researchers will create an advisory to document it. Following the creation of an advisory, Dependabot alerts will be sent to impacted...

11 August 2022 | Git

GitHub expands CLI functionality to bring Actions to your terminal

GitHub is expanding the functionality of its CLI (Command-Line Interface) tool to bring Actions to your terminal.

The first stable version of GitHub CLI launched in September last year with the aim of enabling developers to keep their repo workflows in their terminal.

“Developers spend a lot of time in their terminals, and our CLI helps to mitigate the frequent context switching between your terminal and GitHub.com,” Amanda Pinsker, Product Designer at GitHub, said...

16 April 2021 | Development Tools