All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Security
Security
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

GitHub introduces workflow execution protections to control who can trigger Actions

By

Allison

2h ago· 2 min readenNews
technologysecurityprogrammingdevops

Summary

GitHub has introduced Workflow Execution Protections in public preview for GitHub Enterprise, organizations, and repositories. This feature allows enterprise administrators to define an allow list that controls who can trigger GitHub Actions workflows and which events are permitted to run them. It addresses a security gap where attackers with repository access could modify workflow files to run malicious code, by letting administrators define rules that GitHub enforces.

Source

bskyGitHub introduces workflow execution protections to control who can trigger Actionsgithub.blog

Key quotes

· 3 pulled
This new capability lets enterprise administrators define an allow list that controls who can trigger GitHub Actions workflows and which events are permitted to run them, giving you predictable, secure workflow execution.
Previously, a workflow ran based on the workflow file in the commit that triggered it. An attacker with repository access could modify that file to run malicious code.
Workflow execution protections close that gap. Administrators define the rules and GitHub A
Snippet from the RSS feed
Workflow execution protections are now in public preview for GitHub Enterprise, organizations, and repositories. This new capability lets enterprise administrators define an allow list that controls who can trigger GitHub…

You might also wanna read

GitHub Actions' Package Manager Lacks Critical Security Features

The article investigates GitHub Actions' dependency resolution system, revealing it functions as a package manager but lacks critical securi

nesbitt.io·6mo ago

GitHub Actions workflows identified as common weak link in open source supply chain attacks

This article analyzes a series of high-profile open source supply chain security incidents from the past 18 months, tracing them back to Git

Andrew Nesbitt·2mo ago

GitHub Agentic Workflows: Automate Repository Maintenance with AI Agents in GitHub Actions

GitHub introduces Agentic Workflows, a new feature that enables developers to automate repository maintenance using AI agents within GitHub

github.github.io·4mo ago

Critique of YAML Anchors in GitHub Actions: Redundancy and Complexity Concerns

The article argues against GitHub's implementation of YAML anchors in GitHub Actions, stating that they are redundant with existing function

blog.yossarian.net·9mo ago

GitHub Platform Overview: AI Coding Tools, Developer Workflows, and Security Features

GitHub is a platform for software development with over 150 million users and 420 million projects. The article highlights GitHub's AI-power

github.com·4mo ago

GitHub Platform Overview: AI Coding Tools, Developer Workflows, and Security Features

The article presents GitHub as a comprehensive platform for software development, highlighting its AI-powered coding tools (GitHub Copilot,

github.com·4mo ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.