The popular tj-actions/changed-files GitHub Action used by thousands of repositories recently compromised those repositories, exposing a critical weakness in how open-source Actions are published ...

Last week, a supply chain attack on the tj-actions/changed-files GitHub Action caused malicious code to write CI/CD secrets to the workflow logs for 23,000 repositories.

A supply chain attack on the widely used 'tj-actions/changed-files' GitHub Action, used by 23,000 repositories, potentially allowed threat actors to steal CI/CD ...

They should also use GitHub’s allow-listing feature to block unauthorized GitHub Actions from running and configure GitHub to allow only trusted actions.

GitHub Action tj-actions/changed-files was compromised, leaking CI/CD secrets. Users must update immediately to prevent unauthorized access.

Write JavaScript Actions Write your own GitHub JavaScript Action and automate customized tasks unique to your workflow.

GitHub’s integrated automated workflow mechanism called GitHub Actions promotes the use of Actions as reusable building blocks in workflows. The majority of those Actions are developed in JavaScript ...

Write JavaScript Actions Write your own GitHub JavaScript Action and automate customized tasks unique to your workflow.