• A_norny_mousse@piefed.zip
    link
    fedilink
    English
    arrow-up
    9
    ·
    21 hours ago

    That sounds big & creepy:

    On Microsoft’s Azure Sentinel, for example, Novee found a comment on a PR that could run anonymous attacker code on Microsoft’s CI and steal a non-expiring GitHub App key.

    I wonder if/how alternative VCS platforms that provide similar workflow services are affected.