GitHub Actions and Code Injection: Avoiding Vulnerable Configurations

Webinar

Sponsored by CYCODE


On Demand
Anytime

GitHub Actions is an increasingly popular DevOps tool because of its rich marketplace and ease of use. As part of our research into the GitHub Actions security landscape, we discovered several pitfalls in the workflow that could result in severe security consequences. For example, we noticed many developers using event input data to improve their workflow process. In theory, this helps to streamline and simplify the workflow; in practice, however, this data could be controlled by an attacker and used to compromise the build process. Unless developers deeply understand GitHub best practices, these workflows are likely to contain mistakes that are costly and could create supply chain risk for the application.

In this webinar, we'll discuss how we found and disclosed vulnerable workflows in several popular open source tools, delve into GitHub Actions architecture to understand the possible consequences of these vulnerabilities, and present possible mitigations for these issues.

Alex Ilgayev
Senior Security Researcher, Cycode
Alex Ilgayev is a senior security researcher at Cycode where he focuses on securing software delivery pipelines. Prior to Cycode, Alex was the malware research team leader at Check Point. Alex began his career spending the better part of a decade as a software developer and security researcher in the Israel Defense Forces.
