One Article Review

The article:
Source CSO
Identifier 8286270
Publication date 2022-12-01 05:01:00 (seen: 2022-12-01 14:06:06)
Title Software projects face supply chain security risk due to insecure artifact downloads via GitHub Actions
Text The way build artifacts are stored by the GitHub Actions platform could enable attackers to inject malicious code into software projects with CI/CD (continuous integration and continuous delivery) workflows that don't perform sufficient filtering when downloading artifacts. Cybersecurity researchers have identified several popular artifacts download scripts used by thousands of repositories that are vulnerable to this issue. “We have discovered that when transferring artifacts between different workflows, there is a major risk for artifact poisoning - a technique in which attackers replace the content of a legitimate artifact with a modified malicious one and thereby initiate a supply chain attack,” researchers from supply chain security firm Legit Security said in an analysis of the issue.
Sent Yes
Tags
Stories
Rating ★★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.