This week's articles
Zombie Workflows: A GitHub Actions horror story
This article discusses "Zombie Workflows," a GitHub Actions vulnerability pattern where attackers exploit old workflow versions in non-default branches even after fixes are applied to the main branch. SonarSource found 67 such vulnerabilities across popular repositories; GitHub mitigated this by changing workflow execution defaults.
#attack
#ci/cd
#supply-chain
AWS Lambda Managed Instances: A Security Overview
An initial security overview of AWS Lambda Managed Instances, exploring the Bottlerocket-based architecture, the 'Elevator' components, and security insights for this new compute model.
#aws
#containers
#explain
#design