GitHub Attack Vector Cracks Open Google, Microsoft, AWS Projects
Cloud services and thus millions of end users who access them could have been affected by the poisoning of artifacts in the development workflow of open source projects.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Cloud services and thus millions of end users who access them could have been affected by the poisoning of artifacts in the development workflow of open source projects.
The insecurities exist in CI/CD pipelines and can be used by attackers to subvert modern development and roll out malicious code at deployment.
The software supply chain security tool from GitHub and Google uses GitHub Actions and Sigstore to generate a "tamper-proof" record describing where, when, and how the software is produced.