New post: A free GitHub Action that fails CI on leaked Solana wallet keys.

Six regex rules for the common shapes of Solana key leaks: plaintext secrets, keypair JSON arrays, seed phrases in comments, id.json files, unignored .env, hardcoded RPC URLs. Adopt in 3 lines of YAML. MIT, zero deps.

https://dev.to/sai_93caeceb4f6a4d9969910/a-free-github-action-that-fails-ci-on-leaked-solana-wallet-keys-how-i-built-and-shipped-3n9c

#solana #security #githubactions

A free GitHub Action that fails CI on leaked Solana wallet keys — how I built and shipped cipher-solana-wallet-audit

Every few weeks a Solana solo dev wakes up to a drained wallet and the same post-mortem: a private...

GitHub Actions agentic workflows: natural-language CI/CD meets reality | Jorijn Schrijvershof

GitHub Actions agentic workflows let AI agents run CI/CD tasks from Markdown files. An honest look at the security model, use cases, and real-world limitations.

Welcome to zizmor's documentation! - zizmor

Static analysis for GitHub Actions

Do you use astral-sh/setup-uv@v7 in #GitHubActions?

And it's not hash-pinned?

And you use #Dependabot or #Renovate?

The setup-uv project has switched to only Vx.y.z tags, no more Vx or Vx.y.

But Dependabot and Renovate won't upgrade from Vx to Vx.y.z, so you'll need to manually update to setup-uv@v8.0.0 to keep up with future updates.

"To increase security even more we will stop publishing minor tags. You won't be able to use v8 or v8.0 any longer."

https://github.com/astral-sh/setup-uv/issues/830
#Python #uv

Release v8.0.0 does not work with v8 or v8.0 · Issue #830 · astral-sh/setup-uv

neither astral-sh/setup-uv@v8 nor astral-sh/setup-uv@v8.0 work -- only astral-sh/setup-uv@v8.0.0 works

OpenAI Revokes macOS Certs Amid Supply Chain Breach Fallout

A recent supply chain breach has raised concerns about software trustworthiness, prompting OpenAI to revoke its macOS code-signing certificates after a malicious package was executed in its build pipeline. This swift action highlights the vulnerability of even the most secure systems to supply chain attacks.

https://osintsights.com/openai-revokes-macos-certs-amid-supply-chain-breach-fallout?utm_source=mastodon&utm_medium=social

#SupplyChain #CodeSigning #Macos #GithubActions #Axios

OpenAI revokes macOS certs after supply chain breach, learn how the incident exposed code-signing keys and what it means for software trust. Read the full impact now.

OpenAI Disrupts macOS App Signing Process After Supply Chain Breach

OpenAI recently took swift action to protect its users by revoking a macOS app certificate after discovering a malicious library had been downloaded through a GitHub Actions workflow used to sign its applications. This move highlights the vulnerability of even trusted software signing processes to supply chain breaches, and the…

https://osintsights.com/openai-disrupts-macos-app-signing-process-after-supply-chain-breach?utm_source=mastodon&utm_medium=social

#SupplyChain #Macos #AppSecurity #CertificateRevocation #GithubActions

OpenAI disrupts macOS app signing process after supply chain breach, revoking certificates to protect users, learn more about the incident now.

OpenAI warns macOS users to update ChatGPT and Codex apps after Axios supply chain scare

https://fed.brid.gy/r/https://nerds.xyz/2026/04/openai-macos-app-update-axios/

CI/CD pipelines are the new battlefield.

Secret scanning is standard, but what about supply-chain attacks via dependencies?
Dependabot only helps to a limited extent there; manual review remains mandatory.

My routine: SAST + SCA in every PR, plus pinned versions.
Saves headaches.

#DevOps #Security #CICD #GitHubActions