
GitHub issues final report on supply-chain source code intrusions
2022-04-29 18:15

Early in April 2022, news broke that various users of Microsoft's GitHub platform had suffered unauthorised access to their private source code.

GitHub, if you've never used it, is a cloud-based source code control system, best known for hosting the public repositories of many open source software projects.

To the person suggesting a change (the author of a pull request), of course, it's essentially a push request, aiming to inject new code into the system; if approved by the project team, the code gets pulled, or merged, into the codebase and becomes an official part of the project.

Source code control gives software projects a formal record of changes, which makes hunting down new bugs much easier because each change can be reviewed and re-tested individually.

Not all GitHub projects are public, open-source repositories of code.

As you can imagine, automated CI systems don't have a real-life developer handy to put in a password and enter a 2FA code every time they want to log on to the source code control system to clone the very latest version of the project.


News URL

https://nakedsecurity.sophos.com/2022/04/29/github-issues-final-report-on-supply-chain-source-code-intrusions/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Github 12 3 42 30 15 90