Noam Dotan : Dec 1, 2022 9:02:33 AM
The Legit Security Research Team discovered a new class of software supply chain vulnerabilities that leverages artifact poisoning and attacks the underlying software development pipelines for projects using GitHub Actions. In this fourth blog...
Read More
Noam Dotan : Sep 28, 2022 1:37:33 PM
When GitHub released Codespaces last year it was touted as their best release since GitHub Actions. If you’re using Codespaces or thinking about it,...
Noam Dotan : Sep 8, 2022 11:47:40 AM
Update: a few weeks after this publication, GitHub decided to fix the issue and employed the mitigation we recommended to them in our initial report....
Noam Dotan : Sep 1, 2022 10:00:03 AM
In this blog post, we'll discuss a new type of GitHub Actions workflow vulnerability we called "GitHub Environment Injection". We've found a couple of
1 min read
Noam Dotan : Aug 29, 2022 9:17:15 PM
LastPass, one of the world's largest password managers with 25 million users, disclosed that an unauthorized party had gained access to portions of...
Noam Dotan : May 2, 2022 10:44:09 AM
In this blog post, we’ll explore a bug we’ve found in a popular third-party action and how in some cases it could lead to your SDLC pipeline being...
Noam Dotan : Apr 4, 2022 3:01:54 PM
At Legit Security, we’re focused on preventing software supply chain attacks and securing the SDLC for our customers and the broader cybersecurity...
