Palo Alto Networks

AppSec

Unpinnable Actions: How Malicious Code Can Sneak into Your GitHub Actions Workflows

In today’s post, we look at action pinning, one of the profound mitigations against supply chain attacks in the GitHub Actions ecosystem. It turns out, though, that action pinning comes with a downside — a pitfall we call "unpinnable actions" that allows attackers to execute code in GitHub Actions workflows.

As we discussed in the previous blog post, Third-Party GitHub Actions: Effects of an Opt-Out Permission Model, the permissive nature of GitHub Actions...

CI/CD

DevOps

Aug 30, 2023

By Yaron Avital

Palo Alto Networks

Products and Services

Partners

Application Security, CI/CD

AppSec for the Modern Engineering Ecosystem

Software engineering is changing, becoming a driving force in business and bringing about big changes in how application security (AppSec) is approached. Complexity is gaining the upper hand, with more developm...

May 18, 2023

By Daniel Krivelevich

Cloud Computing, DevSecOps

AppSec and CloudSec 101: Blurring the Lines Between Cloud-Native App Layers

Not too long ago, IT security models were relatively straightforward. They were broken into layers — the infrastructure layer, the application layer, sometimes the network layer, a...

Sep 28, 2022

By Chris Tozzi

Cloud Computing, DevSecOps

A Primer on Secure DevOps: Learn the Benefits of These 3 DevSecOps Use Case...

DevSecOps has risen to buzzword status in the past few years, encompassing several shift-left security use cases. And while the word DevSecOps gets thrown around a lot, there are s...

Sep 22, 2022

By Julia Benson

Announcement, DevSecOps

Prisma Cloud Announces Software Composition Analysis (SCA) To Help Organiza...

Modern applications are more interconnected than ever with the delineations between each cloud-native code component – infrastructure as code (IaC), Kubernetes manifests, open sour...

Sep 20, 2022

By Guy Eisenkot

Load more blogs