Video: https://youtu.be/Rn9VuC0jQRQ

Our path to open-source, GitOps heaven has exposed new security challenges, as our CI systems are now reachable from the outside world. The soft underbelly of our pipeline is as visible to willing contributors as it is to malicious subversives. In this talk, we'll look at examples of known exploits against GitHub Actions workflows, showing how simple bad practices can open our supply chain to attackers.
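
The abstract does not list which exploits the talk covers, so the following is an added example (not code from the talk or from RSA Conference) of one widely documented class of GitHub Actions bad practice: expression injection into a `run:` step. The Actions runner substitutes `${{ ... }}` expressions into the step's script text before the shell executes it, so a field an outside contributor controls, such as a pull request title, becomes part of the command line. The script below mimics that substitution locally with a constructed, hypothetical PR title, runs the vulnerable step and the hardened `env:`-based step, and checks which one executed the attacker's command.

```shell
#!/usr/bin/env sh
# Added example (not from the talk): expression injection in a GitHub
# Actions `run:` step. The Actions runner substitutes ${{ ... }} expressions
# into the script TEXT before the shell executes it, so an attacker-controlled
# field such as a pull request title becomes part of the command itself.

# Constructed attacker-controlled PR title (hypothetical data for this demo).
PR_TITLE='Fix typo"; echo INJECTED; echo "'

# Vulnerable pattern, equivalent to this workflow step:
#   run: echo "Title: ${{ github.event.pull_request.title }}"
# printf stands in for the runner's textual substitution; the result is then
# executed exactly as the runner would hand it to the shell.
run_vulnerable_step() {
  script=$(printf 'echo "Title: %s"' "$1")
  sh -c "$script"
}

# Hardened pattern, equivalent to:
#   env:
#     PR_TITLE: ${{ github.event.pull_request.title }}
#   run: echo "Title: $PR_TITLE"
# The script text is a constant; the untrusted value reaches the shell only
# as the contents of an environment variable, never as code.
run_hardened_step() {
  PR_TITLE="$1" sh -c 'echo "Title: $PR_TITLE"'
}

# Returns 0 if the captured step output contains a line that only the
# injected command could have produced.
injected() {
  printf '%s\n' "$1" | grep -qx 'INJECTED'
}

# Stand-alone demo: show both outputs side by side.
echo '--- vulnerable step ---'; run_vulnerable_step "$PR_TITLE"
echo '--- hardened step ---';   run_hardened_step "$PR_TITLE"
```

The vulnerable step prints a second line, `INJECTED`, because the title closed the quoted string and appended its own commands; the hardened step prints the title verbatim, quotes and semicolons included, as one line. The same `env:` indirection applies to any other attacker-influenced context (issue bodies, branch names, commit messages, review comments), and pinning third-party actions to a commit SHA closes the related supply-chain path where the injected code arrives through a mutable tag rather than through an expression.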

RSA Conference 2023 library entry: https://www.rsaconference.com/library/presentation/usa/2023/Pwning%20the%20CI%20GitHub%20Actions%20Edition