GitHub Actions are a popular thing with the DevOps crowd, but what sort of supply chain risks do they bring to an organization? Can the GitHub Action Marketplace be trusted? Scott Ellis joins us to provide an overview of GitHub Actions for those not familiar and proceed to demonstrate a few vulnerabilities that have already been used in real-world attacks.
