Overview
Explore critical security vulnerabilities in GitHub Actions through this DEF CON conference talk that reveals how self-hosted runners can be exploited for supply chain attacks. Learn about the researchers' discovery of widespread GitHub Actions misconfigurations that enabled potential backdoors in major open-source projects, including a detailed case study of their attack on PyTorch. Understand the techniques, tactics, and procedures for escalating privileges within GitHub Actions workflows, starting from compromised self-hosted runners. Discover how insecure defaults in GitHub's security model create systemic vulnerabilities that expose projects to critical attacks from the public internet. Gain insights from the researchers' extensive campaign that resulted in numerous security reports and substantial bug bounties, while understanding the broader implications for CI/CD security in open-source projects, startups, and enterprises.
Syllabus
DEF CON 32 - Grand Theft Actions Abusing Self Hosted GitHub Runners - Adnan Khan, John Stawinski
Taught by
DEFCONConference