HackerTrans
TopNewTrendsCommentsPastAskShowJobs

datosh

no profile record

Submissions

Kubernetes' Default CoreDNS Configuration Is *Insecure

blog.kammel.dev
3 points·by datosh·2 เดือนที่ผ่านมา·0 comments

96% of GitHub repos have high severity issues in their Action workflows

pin-gh-actions.kammel.dev
2 points·by datosh·2 เดือนที่ผ่านมา·1 comments

comments

datosh
·2 เดือนที่ผ่านมา·discuss
In the light of recent supply chain attacks I have conducted a scan of the top 10k repos (by stars) using the GHA security scanner zizmor.

The results are quite sobering. Many of the recent supply chain attacks were preventable, since zizmor is pointing out the exact weaknesses that were used: unpinned dependencies, template injection, ... and many more.

Happy for any input and feedback on the data and presentation, as well as ideas on how we use this to improve the security posture of our open source community!

In case you want to leave an issue or star: https://github.com/datosh/pinned-actions