June 21-24, 2022
Austin, Texas, USA + Virtual
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit North America 2022 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.


Wednesday, June 22 • 4:35pm - 5:15pm
Github Actions Security Landscape - Alex Ilgayev & Ronen Slavin, Cycode

GitHub Actions, the recent (from 2018) CI/CD addition to the popular source control system, is becoming an increasingly popular DevOps tool, mainly due to its rich marketplace and simple integration. As part of our research into the GitHub Actions security landscape, we discovered that when writing a perfectly secure GitHub Actions workflow, several pitfalls could cause severe security consequences. Unless the developers are proficient in the depths of GitHub best-practices documents, these workflows would have mistakes. Such mistakes are costly - and could cause a potential supply-chain risk to the product. During the talk, we'll walk you through our journey: how we found and disclosed vulnerable workflows in several popular open-source tools, how we delved into the GitHub Actions architecture to understand the possible consequences of these vulnerabilities, and what the mitigations for such issues could be.

Speakers
Ronen Slavin

Cycode, CTO
Ronen Slavin is Chief Technology Officer and co-founder of Cycode with expert knowledge in cybersecurity. Previously, he was the CTO and co-founder of Filelock, which uniquely developed a solution to protect data even after a breach has occurred. Filelock was acquired by Reason Software...
Alex Ilgayev

Head of Security Research, Cycode
Alex Ilgayev is a security researcher specializing in software supply chain security vulnerabilities. At Cycode, he is responsible for hunting down security issues and researching possible mitigations. Before that, Alex led the malware research team at Check Point Research, where...



Wednesday June 22, 2022 4:35pm - 5:15pm CDT
Brazos (Level 2)