GitHub Actions supply chain attacks
There has been a lot of press about supply chain attacks recently, these type of attacks are nothing new and understanding them is really important for developers using services such as GitHub Actions, given Continuos integration (CI) tools are a critical part of supply chain used in software projects. A supply chain attack targets less secure parts of the development process, this could be the tools and services you depend on, or the docker containers you host your software in....