Showing 0 Items
Explore how to use GitHub Actions secrets securely by restricting organizational secrets, using secrets exclusively for sensitive data, and implementing least privileged access.
How threat actors exploited AWS CodeBuild pipelines by stealing secrets from CI/CD memory—and the proactive defenses organizations can deploy to detect, respond to, and prevent such attacks.
Popular Python Package num2words v0.5.15 Published Without Repository Tag, Linked to Known Threat Actor
npm 'is' package versions 3.3.1 and 5.0.0 compromised - critical utility with millions of weekly downloads falls victim to expanding phishing campaign
Unlike GitHub Copilot's built-in network firewall, anthropics/claude-code-action GitHub action operates in GitHub Actions without network restrictions by default. Complete guide to implementing Claude Code in GitHub Actions with runtime security monitoring using Harden-Runner.
Securing GitHub Copilot in GitHub Actions with Harden-Runner
As organizations integrate AI coding agents into their development pipelines, new security considerations emerge. While these tools accelerate development, they require thoughtful security approaches to protect against novel attack vectors like Rules File Backdoor attacks and GITHUB_TOKEN compromise.
We are currently investigating a potential supply chain security incident involving the eslint-config-prettier npm package. This widely-used package, which helps developers maintain consistent code formatting by turning off ESLint rules that conflict with Prettier, appears to have had multiple versions published with suspicious modifications.
