SD Times

Best practices for CI/CD migration: The GitHub Enterprise example

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...
Bleeping Computer

Supply chain attack on popular GitHub Action exposes CI/CD secrets

As first reported by StepSecurity, attackers added a malicious commit to the tool on March 14, 2025, at 4:00 PM UTC, that dumped CI/CD secrets from the Runner Worker process to the repository of any ...
Bleeping Computer

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...
InfoWorld

What is GitHub Actions? Automated CI/CD for GitHub

GitHub Actions is a platform built into GitHub that automates software building, testing, and deployment. GitHub, owned by Microsoft, is a hosting service for software development using Git, an open ...
InfoWorld

Advanced CI/CD: 6 steps to better CI/CD pipelines

Configuring basic continuous integration and continuous delivery (CI/CD) pipelines that automate packaging, compiling, and pushing code to application delivery environments is considered a fundamental ...
CSOonline

Researchers demo new CI/CD attack techniques in PyTorch supply-chain

The proof of concept shows it's possible to upload malicious PyTorch releases to GitHub by exploiting insecure misconfigurations in GitHub Actions. A pair of security researchers managed to infiltrate ...