
The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree

Prisma Cloud

Learn how a novel attack vector in GitHub Actions allows attackers to distribute malware across repositories using a technique that exploits the actions dependency tree and puts countless open-source projects and internal repositories at risk.


Unpinnable Actions: How Malicious Code Can Sneak into Your GitHub Actions Workflows

Prisma Cloud

As we discussed in the previous blog post, Third-Party GitHub Actions: Effects of an Opt-Out Permission Model, the permissive nature of GitHub Actions workflows is prevalent throughout the open-source community and private projects on GitHub.

Figure 1: GitHub Actions workflow consumes a secure, pinned version of a third-party action.


Exposed Credentials Across the DevSecOps Pipeline: 5 Places Secrets Hide in Plain Sight

Prisma Cloud

Avoiding secrets exposure is critical, but is not always easy. Secrets can hide anywhere — in infrastructure as code (IaC) and application code files, repo config files, delivery pipeline config files and more — and if those files become public, for whatever reason, those secrets can fall into the wrong hands.


Crawl, Walk, Run: Operationalizing Your IaC Security Program

Prisma Cloud

You’ve decided to shift your cloud security left. You researched vendors, evaluated solutions, did a proof of concept, and now you’re off to the IaC security races. You know what your efficient, secure-by-default future holds, but how do you get there? Path 3 enables the most complete adoption of IaC security.


3 Simple Techniques to Add Security Into the CI/CD Pipeline

Palo Alto Networks

I propose that there are three fundamental and concrete practices DevOps and security teams can adopt to add security into the CI/CD pipeline and secure critical applications, involving:

- Infrastructure-as-Code (IaC).
- DevOps Teams Do Not Need to Be Security Experts.
- Security Teams Require a Trust-But-Verify Posture.


Prevent Secret Leaks: Find and Secure Secrets Across Your Repositories and Pipelines

Prisma Cloud

Developers use secrets to enable their applications to securely communicate with other services. Unfortunately, version control systems (VCS) like GitHub are not secure, which creates potential exposures that can be exploited. If the repo is made public, threat actors can easily find and use the secrets in their attack path.