| ▲ | cookiengineer an hour ago | |
Don't use github actions. Don't use toolchains that auto execute stuff. Simple as that, because that's the attack surface. https://cookie.engineer/weblog/articles/malware-insights-git... I wrote that article December 2024. Still ongoing, Microsoft. Best enterprise security practices, I suppose shrugs ... | ||