Webinar
Continuous Integration / Continuous Deception
Trying our luck as malicious maintainers

Join the Session!

Join us on October 21st, 5-6PM UTC
In our latest webinar, Ian Austin and Benedikt Haußner will demonstrate how an adversary with maintainer-level access to a repository can stealthily tamper with releases built by GitHub Actions to poison entire supply chains, for example to exfiltrate critical secrets of downstream consumers (recent npm attacks, anyone?). After a quick introduction to how GitHub Actions work, we'll show four live demos of practical attack paths, walk through forensic indicators, and reason about potential protections.