GitHub/Repository Security/GitHub Workflows & Actions: Difference between revisions

Add OpenSSF article
m (adding a note about validating dependabot in a secure way based on bug https://bugzilla.mozilla.org/show_bug.cgi?id=1914746)
(Add OpenSSF article)
* [https://www.synacktiv.com/publications/github-actions-exploitation-untrusted-input Real Life Misconfiguration] examples (2024-07-02)
* [https://www.synacktiv.com/publications/github-actions-exploitation-dependabot Exploiting Dependabot] (2024-08-06)
* [https://openssf.org/blog/2024/08/12/mitigating-attack-vectors-in-github-workflows/ Mitigating Attack Vectors in GitHub Workflows] (2024-08-12)


=== Scanning Tools ===