The SUNSPOT malware, the Codecov breach, and a lot of compromised open-source packages (as was the case with ua-parser-js) target the CI/CD pipeline to modify the release build or exfiltrate credentials.
As part of writing tests for the Harden Runner GitHub Action, which prevents such attacks, there was a need to write an attack simulator for these attacks.
You can check out the attack simulator here: https://github.com/step-security/attack-simulator
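The mitigation the simulator is built to test is egress filtering on the runner: a build step (or a dependency it pulls in) that tries to send secrets to a host the job never needs is denied at the network layer instead of succeeding silently. The workflow below is an added example, not code from the attack-simulator repository or from the Harden Runner project; it shows the Harden Runner action placed as the first step of a release job with a block-mode egress policy. The `egress-policy` and `allowed-endpoints` inputs are the ones the action documents; the endpoint list, the workflow name and the `NPM_TOKEN` secret are assumptions for an illustrative npm release job and would be derived from an audit-mode run of the real pipeline.

```yaml
name: release
on:
  push:
    tags: ['v*']

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # Added example: Harden Runner goes first so that outbound traffic from
      # every later step is subject to the policy. Pinning the action to a
      # commit SHA instead of a tag is the safer practice in production.
      - uses: step-security/harden-runner@v2
        with:
          # 'audit' only records outbound connections; run with it first to
          # learn which hosts the job legitimately needs, then switch to
          # 'block' so that anything not listed is denied.
          egress-policy: block
          # Assumed allow-list for a typical npm release job (host:port).
          allowed-endpoints: >
            github.com:443
            api.github.com:443
            nodejs.org:443
            registry.npmjs.org:443

      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
      - run: npm ci
      - run: npm run build
      # A compromised dependency attempting to post NODE_AUTH_TOKEN (or any
      # other CI secret) to a host outside the allow-list is blocked here,
      # and the denied connection shows up in the Harden Runner insights.
      - run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
```

The important design choice is the order of the two policy modes: `block` applied straight away on a job whose real network needs are unknown will break legitimate steps, so the allow-list is built from an `audit` run and only then enforced, which is exactly the exfiltration scenario the simulator exercises.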