Microsoft

Securing CI/CD in an agentic world: Claude Code Github action case

Microsoft Threat Intelligence discovered that Anthropic’s Claude Code GitHub Action could expose CI/CD workflow secrets when AI agents process untrusted GitHub content, including issue bodies, pull ...
The Hacker News

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. "Using ...
Microsoft

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Microsoft has identified an active supply chain attack targeting the @antv node package manager (npm) package ecosystem. A threat actor compromised an @antv maintainer account and published malicious ...
TheServerSide

Free website hosting with GitHub Pages tutorial

There are various popular options for free website hosting, but for developers who are already familiar with Git and the GitHub ecosystem it simply makes sense to use GitHub Pages. This quick GitHub ...
InfoQ

How GitHub Is Securing Agentic Workflows in Modern CI CD Systems

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
IEEE

Gemini Powered CI/CD Insights: An AI Agent for Real-Time Pipeline Analysis Using Natural Language Commands

Abstract: In today's fast-paced world of software delivery, keeping an eye on everything is more important than ever, especially when it comes to Continuous Integration and Continuous Deployment ...
TechCrunch

Anthropic took down thousands of GitHub repos trying to yank its leaked source code — a move the company says was an accident

Anthropic accidentally caused thousands of code repositories on GitHub to be taken down while trying to pull copies of its most popular product’s source code off the internet. On Tuesday, a software ...
The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware capable of stealing sensitive CI/CD secrets.
winbuzzer.com

GitHub Agentic Workflows Enter Technical Preview for CI/CD AI

GitHub has launched Agentic Workflows into technical preview, letting AI agents handle repository tasks automatically inside GitHub Actions under a framework the company calls continuous AI. Developed ...
Visual Studio Magazine

Threats from the Shadows: Securing the CI/CD Pipeline Against Modern Attacks

Understand how hidden vulnerabilities in CI/CD pipelines and package dependencies can be exploited by attackers. Learn practical, actionable strategies to secure your software supply chain and ...
Neowin

Microsoft graduates Copilot Studio extension for VS Code to general availability

Developers can now build AI agents in VS Code with GitHub Copilot integration, local YAML definitions, and automated CI/CD DevOps workflows. Microsoft has just released the Copilot Studio extension ...
LinkedIn

Modern CI/CD Architecture with GitHub Actions, Argo CD and Argo Rollouts

YouTube Tutorial Video: End-to-End CI/CD: GitHub Actions to Argo CD & Argo Rollouts (Step-by-Step Guide) - Live Demo Included This guide provides a practical, production-style example of a GitOps ...