GitHub Actions Were Vulnerable to Rust Artifact Poisoning

2 years ago thenewstack.io

Summary: This is a summary of an article originally published by The New Stack.

People are way too inclined to believe that just because some program, language, operating system, or whatever is safer than others, it’s Safe with a capital S. No, no, it’s not. Legit Security (https://www.legitsecurity.com/) recently revealed a new class of software supply chain vulnerability in GitHub Actions (https://github.com/features/actions) and Rust. This vulnerability leverages artifact poisoning to attack the underlying software development pipelines.

The attacker doesn’t even need code review approval since the vulnerable build action runs with the malicious code before it’s formally accepted into the project.

That said, this again underlines that you must know exactly what’s in every component you’re using to build your program.
