Sveriges mest populära poddar

Open Source Security

tj-actions with Endor Lab's Dimitri Stiliadis

33 min•28 april 2025

Dimitri Stiliadis, CTO from Endor Labs, discusses the recent tj-actions/changed-files supply chain attack, where a compromised GitHub Action exposed CI/CD secrets. We explore the impressive multi-stage attack vector and the broader often-overlooked vulnerabilities in our CI/CD pipelines, emphasizing the need to treat these build systems with production-level security rigor instead of ignoring them.

The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-04-tjactions_with_dimitri_stiliadis/

Fler avsnitt av Open Source Security

AIBOM, CBOM, and HBOM with Allan Friedman

29 juni•35 min

Packagist and Composer security with Jordi Boggiano

22 juni•35 min

Sustaining Open VSX with Mike and Thabang

15 juni•37 min

Hacking your CI/CD with François Proulx

8 juni•36 min

Open source verification with Sal Kimmich

1 juni•32 min

Vulnerability disclosure with Casey Ellis

25 maj•38 min

F-Droid the open app store with Hans

18 maj•37 min

Open source is critical infrastructure with Kat Cosgrove

11 maj•38 min

How to actually test a disaster plan with David Bernstein

Open Source Pledge with Vlad-Stefan Harbuz

27 apr.•35 min

Open Source Security med Josh Bressers finns tillgänglig på flera plattformar. Informationen på denna sida kommer från offentliga podd-flöden.