GitHub Actions, the backbone of modern CI/CD, has become the primary target in recent, high profile supply chain attacks.
Incidents like the compromise of the popular TJ-actions/changed-files (impacting over 23,000 repositories) and the multi-stage Shai Hulud 2 attack exposed the immense blast radius of pipeline vulnerabilities, leading to the leak of thousands of sensitive credentials and the compromise of private source code.
The security of your software supply chain is at stake.
We will break down the technical mechanics of these breaches and present actionable, practical principles to secure your automation against credential theft, script injection, and third-party action hijacking.
Crucially, these supply chain protection principles (ranging from the Principle of Least Privilege governing secret scope and lifetime to dependency vetting and input sanitization) are not limited to GitHub; they are universally applicable to securing any modern CI/CD system.
You will walk away with a clear roadmap and the tools needed to transform your pipeline from a critical vulnerability into a robust supply chain sentinel.
Biography
Niek is a Principal Engineer at Philips Group Security, dedicated to building a culture where security is integrated, not added.
With a deep background in software engineering, he now focuses on the strategic evolution of Cloud Security and DevSecOps.
Niek is a passionate advocate for the InnerSource community and remains highly active in the tech ecosystem as an open-source maintainer, public speaker, and conference organizer.
He believes the best software is built—and secured—through collaboration and shared expertise.
By: Niek Palm