HackerTrans
热门最新趋势评论往期问答秀出招聘

datosh

no profile record

提交

Kubernetes' Default CoreDNS Configuration Is *Insecure

blog.kammel.dev
3 分·作者 datosh·2个月前·0 评论

96% of GitHub repos have high severity issues in their Action workflows

pin-gh-actions.kammel.dev
2 分·作者 datosh·2个月前·1 评论

评论

datosh
·2个月前·讨论
In the light of recent supply chain attacks I have conducted a scan of the top 10k repos (by stars) using the GHA security scanner zizmor.

The results are quite sobering. Many of the recent supply chain attacks were preventable, since zizmor is pointing out the exact weaknesses that were used: unpinned dependencies, template injection, ... and many more.

Happy for any input and feedback on the data and presentation, as well as ideas on how we use this to improve the security posture of our open source community!

In case you want to leave an issue or star: https://github.com/datosh/pinned-actions