Merge requests and insecure GitHub workflows may lead to supply-chain attacks

by
from The Register on (#634SE)
Story ImageStarting with Google Firebase and Apache Camel repos

Security researchers at Legit Security identified vulnerabilities in the GitHub automated workflows used by Google Firebase and Apache Camel that could have been abused to compromise those open-source projects through their GitHub CI/CD pipeline and insert malicious code....

External Content
Source RSS or Atom Feed
Feed Location http://www.theregister.co.uk/headlines.atom
Feed Title The Register
Feed Link https://www.theregister.com/
Feed Copyright Copyright © 2024, Situation Publishing
Reply 0 comments