The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree
Prisma Clud
SEPTEMBER 14, 2023
Get an in-depth look at the attack vectors, technical details and a real-world demo in this blog post highlighting our latest research. Reference a tag. Figure 8: Calling an action using a tag We can use the secrets exfiltrated in the flow to infect the repository with malicious code. Reference a commit hash. Reference a branch.
Let's personalize your content