In this video, we'll explore the implications of the Trivy security incident, where compromised #GitHubActions security pipelines were exploited for malicious intent. Learn how short-lived tokens can significantly limit the damage, shifting the response from rotating every secret to assessing the blast radius of narrowly scoped tokens, and enhancing your #cybersecurity posture. We also introduce a "better detection model" built on crucial signals such as new external hosts, cloud credential requests, unusual contributor paths, and correlated runs across repositories, to bolster your #DevOps and #CICD defenses against a #supplychain attack.

Timeline:
00:00 How secrets get exposed without obvious signs
01:14 Old mental model about GitHub Workflows
01:58 How one malicious PR can execute inside your CI
04:46 Why using mutable tags like @v1 or @v4 is risky in GitHub Actions
05:42 Why GitHub is suddenly serious about the CI attacks
06:28 GitHub fixes people do not want to hear
09:54 Final thoughts

#techunderthehood #arconsis
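The four detection signals named above can be turned into a small triage rule set. The following is an added example written for this page, not code from the video or from arconsis: the run records, the allowlist of known egress hosts, the cloud-credential endpoints and the trusted-contributor list are all constructed for illustration, and a real deployment would feed the functions from CI audit logs and network egress telemetry instead.

```python
"""Score CI workflow runs against four supply-chain detection signals:
new external host, cloud credential request, unusual contributor path,
and correlated runs across repositories (added example, constructed data)."""
from collections import defaultdict

# Hypothetical allowlist of egress hosts a normal build is expected to reach.
KNOWN_HOSTS = {"github.com", "api.github.com", "registry.npmjs.org", "pypi.org"}

# Hypothetical endpoints whose use from a build step indicates a request for
# cloud credentials (instance metadata service, STS-style token endpoints).
CLOUD_CRED_ENDPOINTS = {"169.254.169.254", "sts.amazonaws.com"}

# Hypothetical set of contributors whose fork PRs are expected to run CI.
TRUSTED_CONTRIBUTORS = {"alice", "bob"}

# Constructed sample run records (not real telemetry). Each record carries the
# repository, the actor who triggered it, whether it came from a fork PR, the
# hosts the job connected to, and a timestamp in seconds.
RUNS = [
    {"run_id": 1, "repo": "org/app-a", "actor": "alice", "from_fork": False,
     "egress": ["github.com", "registry.npmjs.org"], "ts": 100},
    {"run_id": 2, "repo": "org/app-a", "actor": "newcontrib42", "from_fork": True,
     "egress": ["github.com", "203.0.113.7"], "ts": 200},
    {"run_id": 3, "repo": "org/app-b", "actor": "newcontrib42", "from_fork": True,
     "egress": ["github.com", "203.0.113.7", "169.254.169.254"], "ts": 260},
    {"run_id": 4, "repo": "org/app-c", "actor": "bob", "from_fork": False,
     "egress": ["pypi.org"], "ts": 300},
]


def run_signals(run, known_hosts=KNOWN_HOSTS, trusted=TRUSTED_CONTRIBUTORS):
    """Return the per-run signals that fire for a single workflow run."""
    hits = set()
    # Signal 1: the job reached a host that is not on the allowlist.
    if any(h not in known_hosts for h in run["egress"]):
        hits.add("new_external_host")
    # Signal 2: the job asked a cloud credential endpoint for a token.
    if any(h in CLOUD_CRED_ENDPOINTS for h in run["egress"]):
        hits.add("cloud_credential_request")
    # Signal 3: code from a fork PR by an untrusted contributor ran in CI.
    if run["from_fork"] and run["actor"] not in trusted:
        hits.add("unusual_contributor_path")
    return hits


def correlated_runs(runs, window=600, known_hosts=KNOWN_HOSTS):
    """Map each unknown egress host to the run ids that contacted it, keeping
    only hosts seen from two or more repositories within `window` seconds.
    The same unexpected host showing up across repos in a short span is a
    stronger indicator than any single run."""
    by_host = defaultdict(list)
    for r in runs:
        for h in r["egress"]:
            if h not in known_hosts:
                by_host[h].append(r)
    correlated = {}
    for host, rs in by_host.items():
        rs.sort(key=lambda r: r["ts"])
        repos = {r["repo"] for r in rs}
        if len(repos) >= 2 and rs[-1]["ts"] - rs[0]["ts"] <= window:
            correlated[host] = sorted(r["run_id"] for r in rs)
    return correlated


def triage(runs):
    """Combine per-run and cross-run signals into a sorted list per run id."""
    report = {}
    corr = correlated_runs(runs)
    correlated_ids = {rid for ids in corr.values() for rid in ids}
    for r in runs:
        hits = run_signals(r)
        if r["run_id"] in correlated_ids:
            hits.add("correlated_runs")
        report[r["run_id"]] = sorted(hits)
    return report


if __name__ == "__main__":
    for run_id, hits in triage(RUNS).items():
        verdict = "investigate" if len(hits) >= 2 else "ok"
        print(f"run {run_id}: {verdict} {hits}")
```

In the sample data, runs 2 and 3 share the unknown host 203.0.113.7 across two repositories within a minute, so both pick up `correlated_runs` on top of their per-run signals, while runs 1 and 4 stay clean. Tune the allowlist and window to the organisation's normal build traffic before alerting on these signals.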