by
AlecBG
53 days ago
You can enforce at the org level to only allow actions pinned to hashes. You can also choose a small whitelist of actions to allow.
1 comments
mmarian
53 days ago
I used to think a whitelist could be a partial solution. But after Checkmarx KICS got compromised I can't see this working. I would've considered a well-established brand, in the security industry of all places, to be in the whitelist.
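Added example, not part of either comment above: a small Python audit of the `uses:` lines in a workflow file that checks the two controls discussed in this thread independently, an allowlist of `owner/repo` names and pinning to a full 40-character commit SHA. The sample workflow, the organisation names, the SHA and the function name `audit_workflow` are constructed for illustration.

```python
import re

# A `uses:` key in a step or job; optional list dash, optional quotes, stops at a comment.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)""")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$", re.IGNORECASE)


def audit_workflow(text, allowlist):
    """Return (line_no, reference, problem) tuples for one workflow file."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith("./"):
            continue  # local action, versioned together with the workflow itself
        if ref.startswith("docker://"):
            continue  # container images are outside the scope of this check
        target, _, version = ref.partition("@")
        # owner/repo/sub/path@ref and reusable workflows reduce to owner/repo
        owner_repo = "/".join(target.split("/")[:2]).lower()
        if owner_repo not in allowlist:
            findings.append((line_no, ref, "not in allowlist"))
        if not FULL_SHA_RE.match(version):
            findings.append((line_no, ref, "mutable ref (tag or branch)"))
    return findings


# Constructed sample input: names and SHA are placeholders, not real projects.
SAMPLE = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: example-org/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: example-org/scanner@v2   # allowlisted, but referenced by tag
      - uses: other-org/deploy/sub@main
      - uses: ./.github/actions/local
"""
ALLOWLIST = {"example-org/checkout", "example-org/scanner"}

if __name__ == "__main__":
    for line_no, ref, problem in audit_workflow(SAMPLE, ALLOWLIST):
        print(f"line {line_no}: {ref}: {problem}")
```

The allowlisted `example-org/scanner@v2` is still reported, because the allowlist check only looks at the name and says nothing about which commit the tag currently points to.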