m (adding a note about validating dependabot in a secure way based on bug https://bugzilla.mozilla.org/show_bug.cgi?id=1914746) |
(Add OpenSSF article) |
Line 36: | Line 36: | ||
* [https://www.synacktiv.com/publications/github-actions-exploitation-untrusted-input Real Life Misconfiguration] examples (2024-07-02) | * [https://www.synacktiv.com/publications/github-actions-exploitation-untrusted-input Real Life Misconfiguration] examples (2024-07-02) | ||
* [https://www.synacktiv.com/publications/github-actions-exploitation-dependabot Exploiting Dependabot] (2024-08-06) | * [https://www.synacktiv.com/publications/github-actions-exploitation-dependabot Exploiting Dependabot] (2024-08-06) | ||
* [https://openssf.org/blog/2024/08/12/mitigating-attack-vectors-in-github-workflows/ Mitigating Attack Vectors in GitHub Workflows] (2024-08-12) | |||
=== Scanning Tools === | === Scanning Tools === |