Google, IBM & Meta Certificates — All 10,000+ Courses at 40% Off
One annual plan covers every course and certificate on Coursera. 40% off for a limited time.
Get Full Access
Learn about critical security vulnerabilities in GitHub Actions through a 21-minute conference talk that examines three distinct vulnerability types affecting CI/CD pipelines. Explore practical code execution examples stemming from unsanitized user inputs, discover potential supply chain attacks targeting third-party actions used by organizations and government agencies, and understand the implications of OIDC misconfiguration between GitHub Actions and AWS. Master essential mitigation strategies for detecting and patching these vulnerabilities, while gaining insights into proper triage methods for potential exploits. Follow along with detailed examples covering user-controlled events, runtime files, supply chain security, AWS OIDC integration, and comprehensive security measures to protect GitHub Actions workflows.
