GitHub Actions Security Landscape - Understanding Vulnerabilities and Mitigations
BSides Budapest IT Security Conference via YouTube
Build with Azure OpenAI, Copilot Studio & Agentic Frameworks — Microsoft Certified
Future-Proof Your Career: AI Manager Masterclass
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Explore a conference talk from BSides Budapest IT Security Conference that delves into the security challenges and vulnerabilities within Github Actions CI/CD platform. Learn about critical security pitfalls discovered during research into Github Actions workflows, including potential supply-chain risks that can arise from improperly configured implementations. Understand how developers can inadvertently create security vulnerabilities when writing Github Actions workflows without deep knowledge of best practices. Follow along as speakers Alex Ilgayev and Ilia Shkolyar share their journey of discovering and disclosing vulnerable workflows in popular open-source tools, examine the Github Actions architecture, and present practical mitigations for identified security issues. Master essential knowledge for securing Github Actions implementations and protecting CI/CD pipelines from common security mistakes.
Syllabus
BSidesBUD2022: Github Actions Security Landscape
Taught by
BSides Budapest IT Security Conference