Tag
github-actions
Safeguard articles tagged "github-actions" — guides, analysis, and best practices for software supply chain and application security.
63 articles
DevSecOps
Securing GitHub Actions: Hardening Your CI/CD Supply Chain
GitHub Actions is a powerful CI/CD platform — and a significant attack surface. Here's how to lock it down against supply chain threats.
Aug 15, 20226 min read
DevSecOps
GitHub Actions Security Best Practices in 2022
A practical guide to hardening your GitHub Actions workflows against supply chain attacks, secret leaks, and privilege escalation.
Jul 15, 20226 min read
DevSecOps
GitHub Actions Security: Hidden Supply Chain Risks
GitHub Actions workflows execute third-party code with access to your repository secrets. Most teams don't realize how much trust they're placing in action authors.
Sep 25, 20215 min read