Legitify adds support for GitLab and GitHub Enterprise Server
We encounter security incidents on a weekly basis with prospective customers that involve pipeline manipulation, code theft, and sensitive data...
The Legit Security Research Team discovered a new class of software supply chain vulnerabilities that leverages artifact poisoning and attacks the...
When GitHub released Codespaces last year it was touted as their best release since GitHub Actions. If you’re using Codespaces or thinking about it,...
Update: a few weeks after this publication, GitHub decided to fix the issue and employed the mitigation we recommended to them in our initial report....
In this blog post, we'll discuss a new type of GitHub Actions workflow vulnerability we called "GitHub Environment Injection". We've found a couple of
Earlier today, Stephen Lacy published a Twitter post about a massive attack attempt on GitHub. This attack attempt is a huge deal, but fortunately it...
GitHub is one of the most widely used software development platforms. You’d be hard-pressed to find a developer or a business that has never used or...
Configuring security in GitHub correctly can offer strong protection against breaches related to application vulnerabilities. The platform comes with...
In this blog post, we’ll explore a bug we’ve found in a popular third-party action and how in some cases it could lead to your SDLC pipeline being...
On Friday April 15, GitHub Security announced it had detected the compromise of OAuth access tokens issued to Heroku and Travis-CI integrations to...
On April 1st, GitLab announced Critical Security Release CVE-2022-1162, disclosing a very bizarre vulnerability and illustrating some important...
At Legit Security, we’re focused on preventing software supply chain attacks and securing the SDLC for our customers and the broader cybersecurity...
Exposed secrets in source code pose a risk to you, your team and your entire organization. But what are secrets exactly? How do they become exposed?...