Get to know

Yaron Avital

Sr Staff Researcher

Blogs by Yaron Avital

Sort By:

AppSec, CI/CD, Research

ArtiPACKED: Hacking Giants Through a Race Condition in Github Actions Artif...

Research reveals how GitHub Actions artifacts in CI/CD workflows can leak tokens, granting malicious actors high-level cloud access and enabling severe consequences.

Aug 13, 2024

By Yaron Avital

CI/CD, DevOps

Unpinnable Actions: How Malicious Code Can Sneak into Your GitHub Actions W...

Action pinning doesn’t always offer security. Understand risks stemming from the GitHub Actions ecosystem and learn how to avoid compromise of CI/CD pipeline.

Aug 30, 2023

By Yaron Avital

AppSec, CI/CD, Research

Third-Party GitHub Actions: Effects of an Opt-Out Permission Model

Secure GitHub Actions with new research showing high-risk practices and get expert tips to prevent overly permissive workflows in your CI/CD pipeline.

Aug 16, 2023

By Yaron Avital

DevSecOps, Secure the Cloud

Top 3 IAM Risks in Your GitHub Organization

Learn the top 3 IAM risks for GitHub Organizations, and discover practical tips to protect your organization with IAM for your source control management system.

Jul 18, 2023

By Omer Gil and Yaron Avital

Blogs by Yaron Avital

Sort By:

AppSec, CI/CD, Research

Third-Party GitHub Actions: Effects of an Opt-Out Permission Model

Secure GitHub Actions with new research showing high-risk practices and get expert tips to prevent overly permissive workflows in your CI/CD pipeline.

Aug 16, 2023

By Yaron Avital

CI/CD, DevOps

Unpinnable Actions: How Malicious Code Can Sneak into Your GitHub Actions W...

Action pinning doesn’t always offer security. Understand risks stemming from the GitHub Actions ecosystem and learn how to avoid compromise of CI/CD pipeline.

Aug 30, 2023

By Yaron Avital

AppSec, CI/CD, Research

ArtiPACKED: Hacking Giants Through a Race Condition in Github Actions Artif...

Research reveals how GitHub Actions artifacts in CI/CD workflows can leak tokens, granting malicious actors high-level cloud access and enabling severe consequences.

Aug 13, 2024

By Yaron Avital

DevSecOps, Secure the Cloud

Top 3 IAM Risks in Your GitHub Organization

Learn the top 3 IAM risks for GitHub Organizations, and discover practical tips to protect your organization with IAM for your source control management system.

Jul 18, 2023

By Omer Gil and Yaron Avital

Yaron Avital

AppSec, CI/CD, Research

ArtiPACKED: Hacking Giants Through a Race Condition in Github Actions Artif...

CI/CD, DevOps

Unpinnable Actions: How Malicious Code Can Sneak into Your GitHub Actions W...

AppSec, CI/CD, Research

Third-Party GitHub Actions: Effects of an Opt-Out Permission Model

DevSecOps, Secure the Cloud

Top 3 IAM Risks in Your GitHub Organization

AppSec, CI/CD, Research

Third-Party GitHub Actions: Effects of an Opt-Out Permission Model

CI/CD, DevOps

Unpinnable Actions: How Malicious Code Can Sneak into Your GitHub Actions W...

AppSec, CI/CD, Research

ArtiPACKED: Hacking Giants Through a Race Condition in Github Actions Artif...

DevSecOps, Secure the Cloud

Top 3 IAM Risks in Your GitHub Organization

Get the latest news, invites to events, and threat alerts

Products and Services

Company

Popular Links