CICI/CD News
LatestAuthorsGlossary
Tag

#workflow-security

Tagged “workflow-security”

1 article
Supply-chain security

Cordyceps: when a stranger's pull request runs as a maintainer

Researchers at Novee catalogue Cordyceps, a class of CI/CD supply-chain exploit where pull requests and comments from untrusted contributors get executed with maintainer permissions. A scan of 30,000 high-impact repositories flagged 654 candidates and confirmed over 300 as fully exploitable, with named blast radius inside Microsoft, Google, Apache and Cloudflare.

Jul 16, 2026 · Tomás Vega
CICI/CD News

Independent CI/CD & deployment news — concise, vendor-neutral takes on pipelines, releases and DevOps tooling.

Network

GitHub ActionsJenkinsGitHubCI/CD Glossary

About

Latest newsAuthorsRSS feedSitemap