Dimitri Stiliadis, CTO from Endor Labs, discusses the recent tj-actions/changed-files supply chain attack, where a compromised GitHub Action exposed CI/CD secrets. We explore the impressive multi-stage attack vector and the broader often-overlooked vulnerabilities in our CI/CD pipelines, emphasizing the need to treat these build systems with production-level security rigor instead of ignoring them.

 

The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-04-tjactions_with_dimitri_stiliadis/

Rss Apple Podcaster
Podden och tillhörande omslagsbild på den här sidan tillhör Josh Bressers. Innehållet i podden är skapat av Josh Bressers och inte av, eller tillsammans med, Poddtoppen.

Open Source Security

tj-actions with Endor Lab's Dimitri Stiliadis

00:00