by ImPostingOnHN
377 days ago
How do you prevent exposing yourself to supply chain attacks like the tj-actions/changed-files one [0] if you don't? I get your question regarding scaling, but that's the job: you can choose to outsource code to 3rd-party libraries, and eternal vigilance is the trade-off. Assume your 3rd-party dependencies will try to attack you at some point: they could be malicious; they could be hacked; they could be issued a secret court order; they could be corrupted; they could be beaten up until they push a change. Unless you have some sort of contract or other legal protection and feel comfortable enforcing them, behave accordingly.

0: https://www.wiz.io/blog/github-action-tj-actions-changed-fil...
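One concrete form of the vigilance the comment describes, added here as an illustration rather than anything from the comment or the linked post: a check that flags GitHub Actions steps referenced by a mutable tag or branch instead of a full commit SHA. In the tj-actions/changed-files incident the existing version tags were repointed at a malicious commit, so a SHA pin is what keeps a later tag move from silently changing what a workflow runs. The workflow text below is constructed for the example (the SHA is a placeholder, not a real commit), and the line-based parsing is deliberately simple; it does not handle every YAML layout.

```python
import re
from typing import List, Tuple

# Constructed sample workflow for this example. The first step is pinned to a
# placeholder 40-hex SHA; two others use a mutable tag or branch; the local
# and docker:// references are out of scope for this check.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # v4 (placeholder SHA)
      - uses: tj-actions/changed-files@v45
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
      - uses: actions/setup-node@main
"""

# Matches "uses: <ref>" (with or without a leading list dash), stopping at
# whitespace or a trailing comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
# A full git commit SHA: exactly 40 lowercase hex characters.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def unpinned_actions(workflow_text: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, action, ref) for each remote action reference whose
    ref is not a full commit SHA.

    Local actions ("./...") and docker:// images are skipped: they are not
    resolved through a git tag on a third-party repository, which is the
    specific mutability this check is about.
    """
    findings: List[Tuple[int, str, str]] = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_RE.match(line)
        if not match:
            continue
        ref_spec = match.group(1)
        if ref_spec.startswith("./") or ref_spec.startswith("docker://"):
            continue
        action, _, ref = ref_spec.partition("@")
        if not SHA_RE.match(ref):
            # Empty ref (no "@" at all) is reported too: it resolves to the
            # repository default branch, which is as mutable as a tag.
            findings.append((line_no, action, ref or "<no ref>"))
    return findings


if __name__ == "__main__":
    for line_no, action, ref in unpinned_actions(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {action} is pinned to mutable ref '{ref}'")
```

Run as a pre-merge check over `.github/workflows/*.yml`, a non-empty result is the signal that a third-party action can change underneath you without any diff in your own repository; pinning to the SHA (and recording the intended tag in a comment, as the sample's first step does) turns any such change into a visible pull request.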