#Github Actions

The Cordyceps Exploits: Why Your CI/CD Pipelines Are Wide Open

A systemic workflow composition flaw exposes hundreds of major repositories, proving we must stop treating CI/CD as passive configuration.

Article · 5d ago0

Audit Your Software Supply Chain: Generate an SBOM with Syft and Gate CI on a Grype Vulnerability Scan

Wire Syft and Grype into your pipeline to produce a machine-readable SBOM and break the build the moment a high-severity CVE appears in your dependencies.

Tutorial · 5d ago0

GitHub Hardens actions/checkout to Block Pwn Request Attacks

The latest security update stops common pipeline exploits but leaves structural CI/CD risks for developers to manage.

Article · 6d ago0

Catch Risky Code Before It Merges: Add Semgrep SAST to Your GitHub Actions Pipeline

Wire Semgrep into GitHub Actions to scan every pull request against OWASP Top 10 rules and a custom rule you write yourself — so a CI failure blocks the merge before risky code reaches main.

Tutorial · 1w ago0

Replace Long-Lived AWS Credentials with GitHub Actions OIDC

Configure IAM and GitHub Actions to exchange short-lived, automatically-expiring AWS credentials on every workflow run — no stored access keys, no rotation toil.

Tutorial · 2w ago0

Scan Your Containers and Dependencies for CVEs with Trivy in CI

Wire Trivy into GitHub Actions to automatically block pull requests that introduce critical or high vulnerabilities in your Docker images or dependency files.

Tutorial · 2w ago0

Set Up a CI Pipeline with GitHub Actions

Build a GitHub Actions workflow that installs dependencies, lints, and tests on every push and pull request — complete with dependency caching, a build matrix, and a live status badge.

Tutorial · 3w ago0

GitHub Outage Knocks Out Issues, PRs and Actions for Signed-Out Users

A roughly 80-minute degradation hit GitHub's Issues, Pull Requests and Actions on June 8, with impact narrowing to unauthenticated traffic before being mitigated.

News · 3w ago5