两天前，GitHub宣布，将从2026年3月1日起对自托管运行器收取0.002 美元/分钟的云平台 服务费。这意味着，开发者将告别“白嫖”时代，只要你用自己的硬件跑任务，就要按连接GitHub Actions的时长付费。

但根据 Wiz 客户事件响应团队的最新研究，攻击者正在利用这种盲目信任。他们发现威胁行为者正在使用暴露的GitHub个人访问Token（PATs）来访问GitHub Action Secrets，并潜入云环境，然后大肆破坏。

Community driven content discussing all aspects of software development from DevOps to design patterns. It all starts with a GitHub Actions workflow. Here’s how to create a run a workflow in the tool.

Community driven content discussing all aspects of software development from DevOps to design patterns. One of the ongoing challenges DevOps professionals face when developing continuous integration ...

作者 | 褚杏娟近期，Zig 编程语言的基金会（The Zig Software Foundation）已宣布退出 GitHub，原因是其领导层认为这个代码共享平台的服务正在衰退。这场风波始于 2025 年 4 月，当时 GitHub 用户 AlekseiNikiforovIBM 发起了一个名为“safe_sleep.sh 脚本罕见地无限期挂起”的讨论帖。GitHub 在 8 月份解决了这个问题， ...

The GitHub Action is a very popular automation tool designed for GitHub Actions workflows. It allows developers to identify files changed in a pull request or commit and take actions based on those ...

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...

作为极具人气的代码仓库与开发者平台，GitHub 本周三遭遇一系列影响到其网站及多项 GitHub 服务的重大问题，但目前系统已经回归正常。根据美国东部时间昨晚 8：26 ...

A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The ...

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...