Monday, November 22, 2021

Bypassing required reviews using GitHub Actions

A newly discovered security flaw in GitHub makes it possible to use GitHub Actions to bypass the required reviews mechanism and push unreviewed code to a protected branch. Malicious code pushed this way could be used by other users or flow down the pipeline to production.

Link to the original post on Medium: