Unpinnable Actions: How Malicious Code Can Sneak into Your GitHub Actions Workflows
Prisma Cloud
AUGUST 30, 2023
As we discussed in the previous blog post, Third-Party GitHub Actions: Effects of an Opt-Out Permission Model, the permissive nature of GitHub Actions workflows is prevalent throughout the open-source community and private projects on GitHub.
Figure 1: GitHub Actions workflow consumes a secure, pinned version of a third-party action.