Listened to
Open Source Security: tj-actions with Endor Lab's Dimitri Stiliadis
Post details
Dimitri Stiliadis, CTO from Endor Labs, discusses the recent tj-actions/changed-files supply chain attack, where a compromised GitHub Action exposed CI/CD secrets. We explore the impressive multi-stage attack vector and the broader often-overlooked vulnerabilities in our CI/CD pipelines, emphasizing the need to treat these build systems with production-level security rigor instead of ignoring them. The show notes and blog post for this episode can be found at
by 
Jamie Tanna
.
This post was filed under listens.
Interactions with this post
Interactions with this post
Below you can find the interactions that this page has had using WebMention.
Have you written a response to this post? Let me know the URL:
Do you not have a website set up with WebMention capabilities? You can use Comment Parade.