腾讯网

“用自己服务器也要向GitHub交钱?”微软新规引开发者众怒,官方 ...

“使用自己的硬件也要给 GitHub 交钱了?” 近日,微软旗下的 GitHub 发布了一项看似平常的价格调整计划,结果却在开发者社区掀起轩然大波。根据公告,从 2026 年 3 月 1 日起,GitHub 计划对 GitHub Actions 下的“自托管 runner”收取每分钟 0.002 美元的费用。这也是自 ...
CSOonline

GitHub Actions attack renders even security-aware orgs vulnerable

Many open-source repositories contain privileged GitHub Actions workflows that execute untrusted code and can be triggered by attackers to expose credentials and access tokens, as MITRE and Splunk ...
InfoQ

GitHub Actions Custom Runner Images Reach General Availability

GitHub has just announced the availability of custom images for its hosted runners. They've finally left the public preview ...
Bleeping Computer

Latest GitHub Actions news

The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early September, confirming that the threat actors didn't abuse them to publish ...
Bleeping Computer

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...
TheServerSide

Full GitHub Actions environment variables list for YAML build workflow scripts example

Community driven content discussing all aspects of software development from DevOps to design patterns. If a developer wants to build a workflow, shell script or build job of any merit, they’ll need ...
CSOonline

Malicious npm package sneaks into GitHub Actions builds

The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious artifacts under GitHub’s own name. A ...