|
|
|
|
|
|
by rdsubhas
1895 days ago
|
|
|
Most CI sytems have Github Token as an environment variable. That provides a second layer of attack. Attacker by this time could have cloned all repositories, so whatever config, credentials, service account files or anything inside these repos are also assumed to be compromised. Not just environment variables. |
|
|