Boosted by glyph ("Glyph"):
sethmlarson ("Seth Larson") wrote:
RE: https://mastodon.social/@andrewnez/116478133377243019
Workflow security continues to be a common cause of compromises of open source projects.
If you're using GitHub Actions and don't want this to happen to your project: use Zizmor and treat the findings seriously, especially insecure triggers and user-controllable template injections.
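As an added illustration of the two finding classes named above (this is not code from the post, nor from zizmor itself): a constructed GitHub Actions workflow with the classic `pull_request_target` plus `${{ github.event.* }}`-in-`run:` pattern, its hardened form (safe trigger, untrusted value passed through an environment variable instead of being expanded into the shell script), and a minimal line-based checker that flags both patterns. The trigger list, the expression regex and the workflow text are assumptions made for this example; zizmor's own audits cover far more.

```python
import re

# Constructed sample (not from the post): a fork PR controls the title, and the
# expression is expanded into the shell script *before* the shell runs it.
VULNERABLE_WORKFLOW = """\
name: greet
on:
  pull_request_target:
    types: [opened]
jobs:
  greet:
    runs-on: ubuntu-latest
    steps:
      - run: echo "Thanks for the PR titled ${{ github.event.pull_request.title }}"
"""

# Hardened form: read-only pull_request trigger, and the untrusted value reaches
# the script only as an environment variable, which the shell never re-parses.
HARDENED_WORKFLOW = """\
name: greet
on:
  pull_request:
    types: [opened]
jobs:
  greet:
    runs-on: ubuntu-latest
    steps:
      - env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: echo "Thanks for the PR titled $PR_TITLE"
"""

# Triggers that run with repository secrets on input from outside contributors
# (assumed list for this example).
DANGEROUS_TRIGGERS = ("pull_request_target", "issue_comment", "workflow_run")
# Expressions whose value an outside contributor can choose (assumed, simplified).
USER_EXPR = re.compile(r"\$\{\{\s*(github\.event\.[\w.]+|github\.head_ref)\s*\}\}")

def audit_workflow(text: str) -> list[str]:
    """Return one finding per insecure trigger or per user-controlled expression
    expanded inside a single-line `run:` step. Multi-line `run: |` blocks are
    not handled; this is a teaching checker, not a replacement for zizmor."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        for trigger in DANGEROUS_TRIGGERS:
            if stripped.startswith(trigger + ":"):
                findings.append(f"line {lineno}: insecure trigger '{trigger}'")
        if stripped.startswith(("run:", "- run:")):
            for match in USER_EXPR.finditer(line):
                findings.append(f"line {lineno}: template injection via {match.group(1)}")
    return findings
```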