Roy Blit : Jan 25, 2023 3:09:07 PM
We encounter security incidents on a weekly basis with prospective customers that involve pipeline manipulation, code theft, and sensitive data...
Noam Dotan : Dec 1, 2022 9:02:33 AM
The Legit Security Research Team discovered a new class of software supply chain vulnerabilities that leverages artifact poisoning and attacks the...
Roy Blit : Oct 5, 2022 8:07:38 AM
We’re pleased to announce the launch of Legitify – an open-source security tool for GitHub users to automatically discover and remediate insecure...
Noam Dotan : Sep 28, 2022 1:37:33 PM
When GitHub released Codespaces last year it was touted as their best release since GitHub Actions. If you’re using Codespaces or thinking about it,...
Noam Dotan : Sep 8, 2022 11:47:40 AM
Update: a few weeks after this publication, GitHub decided to fix the issue and employed the mitigation we recommended to them in our initial report....
Noam Dotan : Sep 1, 2022 10:00:03 AM
In this blog post, we'll discuss a new type of GitHub Actions workflow vulnerability we called "GitHub Environment Injection". We've found a couple of
Tor Beer : Aug 3, 2022 6:30:29 PM
Earlier today, Stephen Lacy published a Twitter post about a massive attack attempt on GitHub. This attack attempt is a huge deal, but fortunately it...
Amit Hofree : Jun 20, 2022 11:27:37 AM
GitHub is one of the most widely used software development platforms. You’d be hard-pressed to find a developer or a business that has never used or...
Roy Blit : May 31, 2022 8:18:08 AM
Configuring security in GitHub correctly can offer strong protection against breaches related to application vulnerabilities. The platform comes with...
Noam Dotan : May 2, 2022 10:44:09 AM
In this blog post, we’ll explore a bug we’ve found in a popular third-party action and how in some cases it could lead to your SDLC pipeline being...
Roy Blit : Apr 18, 2022 2:02:36 PM
On Friday April 15, GitHub Security announced it had detected the compromise of OAuth access tokens issued to Heroku and Travis-CI integrations to...
Tor Beer : Apr 6, 2022 7:20:02 AM
On April 1st, GitLab announced Critical Security Release CVE-2022-1162, disclosing a very bizarre vulnerability and illustrating some important...
Noam Dotan : Apr 4, 2022 3:01:54 PM
At Legit Security, we’re focused on preventing software supply chain attacks and securing the SDLC for our customers and the broader cybersecurity...
Nir Bashan : Mar 11, 2022 9:18:44 AM
Exposed secrets in source code pose a risk to you, your team and your entire organization. But what are secrets exactly? How do they become exposed?...
