We'll be at Black Hat in Las Vegas! Connect with us in person -->

Blog Contact Us Sign In
Platform
Platform - ASPM Icon
Application Security Posture Management (ASPM)
Platform - Secrets Detection & Prevention
Secrets Detection & Prevention
Platform - Continuous Compliance and SBOM Icon
Continuous Compliance and SBOM
Platform - Software Supply Chain Security SSCS Icon
Software Supply Chain Security (SSCS)
Platform - AI Security Posture Management (AI-SPM) Icon
AI Security Posture Management (AI-SPM)
Platform - AppSec Vulnerability Management Icon
AppSec Vulnerability Management
Integrations
Why Legit
Why Legit - Customers Icon
Customers
Resources
Resources - Blog Icon
Blog
Resources - Resource Library Icon
Resource Library
Resources - Open Source with Legitify Icon
Open Source w/ Legitify
Resources - Events Icon
Events
Company - About Legit Icon 2
ASPM Knowledge Base
Company
Company - Partners Icon
Partners
Company - About Legit Icon 2
About Legit
Company - Press Releases Icon 1
Press Releases
Company - In the News Icon
In the News
Company - Careers Icon
Careers
image of blog Noam Dotan

Noam Dotan

Showing all posts by Noam Dotan

Legit Security | How to Mitigate the Risk of GitHub Actions. Get highlights of our research into the security of GitHub Actions, and our advice on mitigating the risk.
CISO Best Practices AppSec Threats

How to Mitigate the Risk of GitHub Actions

September 09, 2024

How to Mitigate the Risk of GitHub Actions. Get highlights of our research into the security of GitHub Actions, and our advice on mitigating the risk.

Read More
Legit Security | Security of the Building Blocks of GitHub Actions Workflows. Understand the security status of GitHub Actions workflows and how to mitigate the risk.
Best Practices AppSec

Preview of State of GitHub Actions Security Report: Security of GH Workflows Building Blocks

August 09, 2024

Security of the Building Blocks of GitHub Actions Workflows. Understand the security status of GitHub Actions workflows and how to mitigate the risk.

Read More
Legit Security | Security of Custom GitHub Actions. Get details on Legit's research on the security of custom GitHub Actions.
CISO Best Practices AppSec

Security of Custom GitHub Actions

July 19, 2024

Security of Custom GitHub Actions. Get details on Legit's research on the security of custom GitHub Actions.

Read More
Legit Security | Announcing the State of GitHub Actions Security Report. Get details on Legit's research on the security of GitHub Actions.
CISO Best Practices AppSec

Announcing The State of GitHub Actions Security Report

July 16, 2024

Announcing the State of GitHub Actions Security Report. Get details on Legit's research on the security of GitHub Actions.

Read More
Legit Security | Using AI to Reduce False Positives in Secrets Scanners. Get an overview of how secrets scanners work, and how Legit is reducing secret-scanning false positives..  
Best Practices AppSec Legit

Using AI to Reduce False Positives in Secrets Scanners

March 11, 2024

Using AI to Reduce False Positives in Secrets Scanners. Get an overview of how secrets scanners work, and how Legit is reducing secret-scanning false positives..  

Read More
Gain insights into GenAI applications and how they represent an innovative category of technology, leveraging Large Language Models (LLMs) at their core.
AppSec

GenAI-Based Application Security 101

February 13, 2024

Gain insights into GenAI applications and how they represent an innovative category of technology, leveraging Large Language Models (LLMs) at their core.

Read More
Legit Security | Explore the collaborative effort by OpenSSF and leading security vendors in the release of SCM Best Practices Guide.
Legit

OpenSSF SCM Best Practices Guide Released With Contributions From Legitify

September 13, 2023

Explore the collaborative effort by OpenSSF and leading security vendors in the release of SCM Best Practices Guide.

Read More
Legit Security | Legit Security's ASPM platform offers an enterprise-grade ASPM solution, proven by customers.
AppSec Legit Partners

Legit Security and CrowdStrike: Securing Applications from Code Creation to Cloud Deployment

August 29, 2023

Legit Security's ASPM platform offers an enterprise-grade ASPM solution, proven by customers.

Read More
Legit Security | This blog shows another case of GitHub Actions environment injection vulnerability in a Google repository.
Legit Threats

How We Found Another GitHub Actions Environment Injection Vulnerability in a Google Project

July 03, 2023

This blog shows another case of GitHub Actions environment injection vulnerability in a Google repository.

Read More
New software supply chain vulnerabilities use artifact poisoning and attack the software development pipelines on projects using GitHub Actions.
Threats SCMs

Novel Pipeline Vulnerability Discovered; Rust  Found Vulnerable

December 01, 2022

New software supply chain vulnerabilities use artifact poisoning and attack the software development pipelines on projects using GitHub Actions.

Read More
GitHub configurations aren't secure out of the box. It's up to you to secure them. This blog discusses GitHub's new Codespaces product and how to secure it.
Best Practices SCMs

GitHub Codespaces Security Best Practices

September 28, 2022

GitHub configurations aren't secure out of the box. It's up to you to secure them. This blog discusses GitHub's new Codespaces product and how to secure it.

Read More
GitHub’s required reviewers capability can be bypassed if currently using this setting to require at least one code review before merging code.
Threats SCMs

Attackers Can Bypass GitHub Required Reviewers to Submit Malicious Code

September 08, 2022

GitHub’s required reviewers capability can be bypassed if currently using this setting to require at least one code review before merging code.

Read More
Learn how Legit Security discovered a vulnerable GitHub actions workflow that affected Google, Apache and potentially many more. Get details on the vulnerability and what you can do to mitigate it.
Legit Threats SCMs

Google & Apache Found Vulnerable to GitHub Environment Injection

September 01, 2022

Learn how Legit Security discovered a vulnerable GitHub actions workflow that affected Google, Apache and potentially many more. Get details on the vulnerability and what you can do to mitigate it.

Read More
LastPass data breach: unauthorized access compromised developer accounts and proprietary source code. Learn about the LastPass security incident details and how to protect your business.
Best Practices Threats

How Was LastPass Compromised?? Software Supply Chain Attack Tips

August 29, 2022

LastPass data breach: unauthorized access compromised developer accounts and proprietary source code. Learn about the LastPass security incident details and how to protect your business.

Read More
We examine a bug we’ve found in a popular third-party GitHub action and how it could lead to your SDLC pipeline being attacked. Read more to improve GitHub security and secure your software supply chain.
Best Practices Legit Threats SCMs

Vulnerable GitHub Actions Workflows Part 2: Actions That Open the Door to CI/CD Pipeline Attacks

May 02, 2022

We examine a bug we’ve found in a popular third-party GitHub action and how it could lead to your SDLC pipeline being attacked. Read more to improve GitHub security and secure your software supply chain.

Read More
Learn how Legit Security discovered a vulnerable GitHub actions workflow. Get details on the vulnerability and and what you can do to mitigate it.
Best Practices Legit Threats SCMs

Vulnerable GitHub Actions Workflows Part 1: Privilege Escalation Inside Your CI/CD Pipeline

April 04, 2022

Learn how Legit Security discovered a vulnerable GitHub actions workflow. Get details on the vulnerability and and what you can do to mitigate it.

Read More

Request a Demo

Request a demo including the option to analyze your own software supply chain.

Request a Demo