Seonglae ChoGithub Action Notion
Github Action Usages
Security risks
Whose code am I running in GitHub Actions?
I wanted to know what third-party code I was using in my GitHub Actions. I was able to use standard text processing tools and shell pipelines to get a quick tally.
https://alexwlchan.net/2025/github-actions-audit/
Workflow syntax for GitHub Actions
Workflow files use YAML syntax, and must have either a .yml or .yaml file extension. If you're new to YAML and want to learn more, see " Learn YAML in five minutes." You must store workflow files in the .github/workflows directory of your repository. The name of your workflow.
https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions
GitHub investigating crypto-mining campaign abusing its server infrastructure | The Record by Recorded Future
Code-hosting service GitHub is actively investigating a series of attacks against its cloud infrastructure that allowed cybercriminals to implant and abuse the company's servers for illicit crypto-mining operations, a spokesperson told The Record today.
https://therecord.media/github-investigating-crypto-mining-campaign-abusing-its-server-infrastructure/?utm_source=tldrnewsletter
Notice of breaking changes for GitHub Actions · GitHub Changelog
Notice of breaking changes for GitHub Actions
https://github.blog/changelog/2024-11-05-notice-of-breaking-changes-for-github-actions/
