Merge requests and insecure GitHub workflows may lead to supply-chain attacks

Thomas Claburn on September 1, 2022 at 11:07, The Register


Starting with Google Firebase and Apache Camel repos

Security researchers at Legit Security identified vulnerabilities in the GitHub automated workflows used by Google Firebase and Apache Camel that could have been abused to compromise those open-source projects through their GitHub CI/CD pipeline and insert malicious code.…

