Unpinnable Actions: How Malicious Code Can Sneak into Your GitHub Actions Workflows
Prisma Cloud
AUGUST 30, 2023
As we discussed in the previous blog post, Third-Party GitHub Actions: Effects of an Opt-Out Permission Model, the permissive nature of GitHub Actions workflows is prevalent throughout the open-source community and private projects on GitHub.

Figure 3: Pyupio/safety's action.yaml file pulls a mutable image with the 'latest' tag.
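An added example (not code from the Prisma Cloud post or from the pyupio/safety project) that checks an action.yaml for the pattern Figure 3 shows: it extracts the `image:` reference of a Docker-based action and reports whether that image is pinned by digest or can change underneath a SHA-pinned action. The sample action.yaml and image names are constructed.

```python
import re
from typing import Optional

# Constructed sample action.yaml, modelled on the pattern described above
# (a Docker-based action referencing its image by the mutable 'latest' tag).
SAMPLE_ACTION_YAML = """\
name: 'Example Safety Check'
description: 'Constructed example of a Docker-based action'
runs:
  using: 'docker'
  image: 'docker://example/safety:latest'
"""

IMAGE_RE = re.compile(r"^\s*image:\s*['\"]?([^'\"\s#]+)")
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")

def extract_image(action_yaml: str) -> Optional[str]:
    """Return the value of the `image:` key in an action.yaml, or None."""
    for line in action_yaml.splitlines():
        m = IMAGE_RE.match(line)
        if m:
            return m.group(1)
    return None

def classify_image(image: str) -> str:
    """Classify how an action's image reference is pinned.

    'digest'          - docker:// ref pinned to a sha256 digest (immutable)
    'mutable-tag'     - docker:// ref by tag such as :latest (can change upstream)
    'implicit-latest' - docker:// ref with no tag (Docker defaults to :latest)
    'dockerfile'      - built from a Dockerfile in the action repo (its base image may still be mutable)
    'unknown'         - anything else
    """
    if not image.startswith("docker://"):
        return "dockerfile" if image.endswith("Dockerfile") else "unknown"
    ref = image[len("docker://"):]
    if DIGEST_RE.search(ref):
        return "digest"
    # A ':' after the last '/' is a tag separator (a registry port sits before the '/').
    last_segment = ref.rsplit("/", 1)[-1]
    return "mutable-tag" if ":" in last_segment else "implicit-latest"

def is_unpinnable(action_yaml: str) -> bool:
    """True when the action's image can change without its commit SHA changing."""
    image = extract_image(action_yaml)
    return image is not None and classify_image(image) in ("mutable-tag", "implicit-latest")

if __name__ == "__main__":
    img = extract_image(SAMPLE_ACTION_YAML)
    print(img, classify_image(img), is_unpinnable(SAMPLE_ACTION_YAML))
```

Pinning the workflow step to a commit SHA does not help when the classifier reports `mutable-tag` or `implicit-latest`; only a digest-pinned `docker://` reference makes the image immutable.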