Report Surfaces Thousands of Potential Vulnerabilities in GitHub Workflows - DevOps.com
Briefly

The report identified more than 7,000 workflows with interpolation of untrusted input, over 2,500 executing untrusted code, and 3,000+ using untrustworthy artifacts. Only 913 out of 19,113 custom GitHub Actions were created by verified users, with 18% having vulnerable dependencies.
98% of job references lacked dependency pinning, and 86% of workflows did not restrict token permissions. DevOps teams need to address risky dependencies and excessive access privileges in workflows to prevent exploitation.
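The three weaknesses the report counts (untrusted input interpolated into commands, unpinned action references, and unrestricted token permissions) are visible in the workflow YAML itself. The following added example, not from the report or DevOps.com, is a small line-based audit script run over two constructed workflows: one showing the weak patterns and one hardened form. The sample workflows and the placeholder commit SHA are assumptions for illustration.

```python
import re

# Constructed sample workflows (assumed typical shapes, not taken from the report).
WEAK_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: echo "Title: ${{ github.event.pull_request.title }}"
"""

HARDENED_WORKFLOW = """\
name: ci
on: [pull_request]
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # placeholder SHA
      - env:
          TITLE: ${{ github.event.pull_request.title }}
        run: echo "Title: $TITLE"
"""

USES = re.compile(r"^\s*-?\s*uses:\s*(\S+)")
SHA_PINNED = re.compile(r"^[^@\s]+@[0-9a-f]{40}$")      # owner/repo@<40-hex commit>
RUN = re.compile(r"^\s*-?\s*run:(.*)$")                 # single-line run: only
# Event payload fields (PR titles, branch names, bodies) are attacker-controlled.
UNTRUSTED = re.compile(r"\$\{\{[^}]*github\.event\.[^}]*\}\}")

def audit_workflow(text):
    """Return findings for the three weakness classes; empty list means clean."""
    findings = []
    lines = text.splitlines()
    if not any(line.startswith("permissions:") for line in lines):
        findings.append("no top-level permissions block: GITHUB_TOKEN keeps its default scope")
    for n, line in enumerate(lines, 1):
        m = USES.match(line)
        if m and not SHA_PINNED.match(m.group(1)):
            findings.append(f"line {n}: action {m.group(1)} not pinned to a commit SHA")
        m = RUN.match(line)
        if m and UNTRUSTED.search(m.group(1)):
            findings.append(f"line {n}: untrusted event data interpolated into a shell command")
    return findings

if __name__ == "__main__":
    for name, wf in (("weak", WEAK_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(name, audit_workflow(wf) or ["ok"])
```

The checker only inspects single-line `run:` steps; multi-line `run: |` blocks would need a YAML parser, but the hardened form (pass event data through `env:` and reference it as a shell variable) applies to both.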
Read at DevOps.com