On Microsoft’s Azure Sentinel, for example, Novee found a comment on a PR that could run anonymous attacker code on Microsoft’s CI and steal a non-expiring GitHub App key.
I wonder if/how alternative VCS platforms that provide similar workflow services are affected.
That sounds big & creepy:
I wonder if/how alternative VCS platforms that provide similar workflow services are affected.