the first commenter was right on the env thing helping with ci/cd secret isolation
the open issue is that GHA env is vulnerable to typical npm/pip/conda/etc supply chain attacks. it lets them do funny network requests (both data exfil + integrity, and even quota wastage / DoS):
- GitHub hosted runners should allow inbound/outbound domain safelists, full isolation w internal repo safelisting, or something else like it
- and/or self-hosted runners should have an Azure serverless mode where the host owner can do their own presets. less good b/c trickier to maintain typical safelists
currently, GHA is default-allow for supply chain attacks =\
in theory folks can try docker-in-docker to limit network access, or the equiv lower, and layer on internal repos to prevent 0-days, but this gets gnarly quickly and is more sanely handled by the managed CI env we are all paying for
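For reference, this is roughly what the "equiv lower" in the comment above looks like: a host-level default-deny egress firewall with a domain safelist, run on the runner before the package-manager install step so that a malicious npm/pip/conda package can only talk to the registries you named. This is an added example, not code from the thread or from GitHub; it assumes a Linux runner with iptables and passwordless sudo, IPv4 only, and the runner's own resolver from /etc/resolv.conf. The function names (resolve_safelist, egress_rules, apply_egress) are mine.

```shell
#!/usr/bin/env bash
# Added example: default-deny outbound traffic on a CI runner, with a
# safelist of domains resolved to IPs up front. Assumptions (mine):
# Linux + iptables, sudo available, IPv4 only.
set -e

# Resolve each safelisted domain to "domain ip" lines (needs network).
resolve_safelist() {
  local domain
  for domain in "$@"; do
    getent ahostsv4 "$domain" | awk -v d="$domain" '$2=="STREAM"{print d, $1}' | sort -u
  done
}

# Read "domain ip" lines on stdin and emit iptables commands for a
# default-deny OUTPUT chain. $1 is the only DNS resolver allowed on port 53;
# every other outbound packet is logged and dropped.
egress_rules() {
  local resolver="$1" domain ip
  echo "iptables -F OUTPUT"
  echo "iptables -A OUTPUT -o lo -j ACCEPT"
  echo "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  echo "iptables -A OUTPUT -d ${resolver} -p udp --dport 53 -j ACCEPT"
  echo "iptables -A OUTPUT -d ${resolver} -p tcp --dport 53 -j ACCEPT"
  while read -r domain ip; do
    [ -n "$ip" ] || continue
    echo "iptables -A OUTPUT -d ${ip} -p tcp --dport 443 -m comment --comment \"${domain}\" -j ACCEPT"
  done
  # LOG is non-terminating, so denied packets are recorded and then hit the DROP policy.
  echo "iptables -A OUTPUT -j LOG --log-prefix \"egress-denied: \""
  # Policy is flipped last, after the allow rules exist, so there is no lockout window.
  echo "iptables -P OUTPUT DROP"
}

# Resolve the safelist, generate the rules, and apply them as root.
# Usage in a workflow step, before `npm ci` / `pip install`:
#   apply_egress registry.npmjs.org github.com
apply_egress() {
  local resolver
  resolver=$(awk '/^nameserver/{print $2; exit}' /etc/resolv.conf)
  resolve_safelist "$@" | egress_rules "$resolver" | sudo sh -e
}
```

Resolving the safelist to IPs up front means a package that rewrites /etc/hosts or uses its own DNS-over-HTTPS client still cannot reach an unlisted host. The remaining gap is the one the comment points at: DNS to the pinned resolver is still open (so DNS tunneling is not blocked), and anything reachable through a safelisted registry is still reachable, which is why fronting installs with an internal repo or proxy, as the comment suggests, is the stronger version of the same idea.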