The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree
Prisma Cloud
SEPTEMBER 14, 2023
Get an in-depth look at the attack vectors, technical details and a real-world demo in this blog post highlighting our latest research. When a GitHub Actions workflow uses an action, it downloads a zip of the repository via the GitHub API, bypassing the clone count. Additionally, actions can depend on actions in one of two ways.