GitHub Security Lab’s cover photo
GitHub Security Lab

GitHub Security Lab

Software Development

Securing open source software, together

About us

Website
https://securitylab.github.com
Industry
Software Development

Updates

  • GitHub Actions Security is on a roll! New secure default to combat cache poisoning!

    Today we are shipping the next change to make GitHub Actions secure by default and disrupt supply chain attacks: the Actions cache is now read-only for untrusted workflow triggers. This one directly addresses a class of attack that security researchers have been demonstrating for years, most notably Adnan Khan's work on cache poisoning. The Actions cache is shared across workflows that run on a repository's default branch. A low-privilege or vulnerable workflow, like a pull_request_target with a script injection, a pwn request, or an agent with prompt injection, can poison that cache. A more privileged workflow, like a scheduled publish job, then restores the poisoned entry and runs attacker-controlled code with its secrets. This has been the escalation path behind several recent supply-chain incidents. This change applies least privilege to the cache. Events that are triggered by users with write access and commonly write the default-branch cache, like push and schedule, keep full read-write access. Untrusted triggers, meaning those that can be fired by users without write access to the repository, now receive a read-only cache token by default. We are also working on controls to let teams go further and restrict cache reads and customize cache access for their most sensitive workflows. If you have input on how that should work, we are gathering feedback in the GitHub Community discussion linked in the comments. The full changelog, including which triggers keep read-write caching, is linked in the comments. The Actions product and engineering teams have been crushing it, getting these supply chain hardening releases out the door. Quickly iterating on ideas, scoping their real impact, and making the hard calls that matter. It has been a great group to work with.

  • What happens when you hand an AI agent its own tools, memory, and a path to production? Season 4 of the Secure Code Game is live, and this time the target is agentic AI security. Meet ProdBot. An AI agent built to be broken. It runs on MCP servers, skills, and multi-agent workflows, and every layer is a door someone could walk through. Your job is to find the cracks before an attacker does. Play now: gh.io/scg Free. Open source. Get started in 2 minutes right from your browser. P.S. ProdBot does not know it is vulnerable yet. That part is on you!

  • Workflow Execution Protections is another ✨ security ship from the GitHub Actions team: Control who and what triggers GitHub Actions workflows. For example you can use this new feature to restrict or prohibit pull_request_target across your organization. https://lnkd.in/gbBGgcwp

    Today we shipped Workflow Execution Protections for GitHub Actions, a core component of our 2026 security roadmap Gregory Ose and I published in March. Built on GitHub's ruleset framework, Workflow Execution Protections give administrators the ability to control who can trigger workflows and which events are permitted to run them. These policies can be enforced consistently across enterprises, organizations, and repositories. This gives organizations a centralized way to govern workflow execution and reduce risk from commonly abused triggers such as pull_request_target. I'm incredibly proud of what the team accomplished here. A huge thank you to the Actions engineering team for their partnership in bringing this feature to life over the past several months. Changelog 👉 https://lnkd.in/gzx9g2zT

  • A step towards making GitHub Actions more secure by default: actions/checkout v7 refuses the most common pwn request patterns by default! Read the changelog: Safer pull_request_target defaults for GitHub Actions checkout https://lnkd.in/gWzgskBz

    Today we shipped actions/checkout v7 that refuses the most common pwn request patterns by default. Pwn requests are one of the most widespread and damaging classes of GitHub Actions vulnerabilities. A workflow using pull_request_target runs with repository secrets and a privileged token. Check out the head of an unreviewed fork pull request inside one, and attacker-controlled code runs with all of it. This has been the root cause of many recent and historical supply-chain incidents. In March I started iterating on this idea with the Actions product and engineering teams. There are still valid reasons to check out a fork's head, as long as you never execute it, and removing the capability would just push developers toward less auditable patterns like a manual git checkout in a run script. So we followed the pattern of APIs like React's dangerouslySetInnerHTML: keep a clear, deliberately named escape hatch, and funnel developers to documentation on the risks before they reach for it. The opt-out is named allow-unsafe-pr-checkout, so it is auditable by static analysis and signals to reviewers that the workflow is operating in a potentially unsafe way. Secure by default does not always mean removing a risky behavior. It means a developer has to understand the risk and opt in deliberately. We are also backporting the protection to all currently supported majors on July 16, so workflows on a floating tag like actions/checkout@v4 become secure by default with no work from the developer. Huge thanks to Steve Glass and the Actions team for partnering on this and shipping it. There is always more we can do, and more changes are coming to make Actions secure by default. I think the most impactful ones are still ahead. 🔒 Changelog and guidance on using pull_request_target safely are in the comments.

  • GitHub Security Lab reposted this

    🚀 ¡Nuevo Keynote confirmado para #DevOpsDaysLima2026! Cuando el código abierto que usa medio mundo empieza a ser generado por IA, la pregunta ya no es si hay riesgos. La pregunta es quién los está resolviendo. 🎤 Nos enorgullece anunciar que Xavier René-Corail de GitHub, llega a Lima como Keynote Speaker de esta nueva edición. Referente mundial en seguridad y open source, lidera el trabajo del GitHub Security Lab asegurando el código del que depende gran parte de la infraestructura tecnológica global. Su charla: "𝗢𝗽𝗲𝗻 𝘀𝗼𝘂𝗿𝗰𝗲 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗶𝗻 𝘁𝗵𝗲 𝗔𝗜 𝗲𝗿𝗮" Una sesión donde compartirá las lecciones aprendidas protegiendo código abierto a escala, cómo están enfrentando los ataques a la cadena de suministro y qué significa asegurar código cuando parte de ese código ya no lo escribe un humano. ¿Es la IA el fin del open source o la oportunidad de asegurarlo mejor que nunca? Ven y decide tú mismo. 👀 Una charla imprescindible para quienes quieren proteger su software en esta nueva era. 📅 27 y 28 de agosto de 2026 📍 Centro de Convenciones de Lima - LCC 🎟️ Asegura tu entrada 👉 https://lnkd.in/eetV4ME7 Dos días de charlas, networking y aprendizaje junto a speakers nacionales e internacionales, comunidades tech y líderes que están marcando el rumbo del DevOps en la región. 🌎 🙌 No te quedes fuera. La comunidad te espera. #DevOpsDaysLima2026 #DevOps #DevOpsLATAM #OpenSource #DevSecOps #SupplyChainSecurity #ComunidadDevOps #GitHub

    • No alternative text description for this image
  • GitHub Security Lab reposted this

    We loved every part of it!  At DevTalks Romania 2026, Joseph Katsioloudes brought a hands-on perspective on secure software development in the AI era through “Code Security Reinvented: Navigating the era of AI”. From AI-assisted secure coding and agentic workflows to supply chain security and faster remediation processes, the session explored how AI can help scale security expertise across modern engineering teams. Kudos to you, Joseph!

    • No alternative text description for this image
    • No alternative text description for this image
  • Attending BSides Vilnius? Don't miss 📌 Jaroslav Lobačevski 's session "LLM-assisted vulnerability hunting: hype vs. reality" to hear about the practical experience of using LLM agents for finding, triaging and reporting vulnerabilities in open-source software such as Signal or 7-Zip! 📅 June 4, 16:45 EEST 📍 Vilnius, Lithuania 👉 https://bsidesvilnius.lt/

Affiliated pages

Similar pages