Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

The GitHub Actions Worm - Understanding CI/CD Platform Vulnerabilities

DEFCONConference via YouTube

Start learning Write review
Datacamp Ad

PowerBI Data Analyst - Create visualizations and dashboards from scratch

Learn More → Coursera Ad

Save 43% on 1 Year of Coursera Plus

Learn More →

Overview

Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Watch a DEF CON 31 conference talk exploring the security vulnerabilities in GitHub Actions and the potential for malicious code propagation. Learn how attackers can exploit the Custom GitHub Actions ecosystem by creating dependency trees and leveraging loose dependencies between actions. Discover the internal workings of GitHub Actions Runner and understand how compromised actions can spread malicious code to dependent projects. Follow along with a proof-of-concept demonstration of a worm spreading through GitHub Actions, and gain insights into defensive strategies against such attacks. Gain valuable cybersecurity knowledge about protecting CI/CD pipelines and understanding the risks associated with third-party actions in the popular GitHub platform.

Syllabus

DEF CON 31 - The GitHub Actions Worm - Asi Greenholts

Taught by

DEFCONConference

Reviews

Start your review of The GitHub Actions Worm - Understanding CI/CD Platform Vulnerabilities

Start learning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.