← All talks
Tool

BSides talks featuring GitHub Actions

60 talks mention this tool across 34 BSides chapters.

Talks featuring GitHub Actions

47:16
Climbing the Production Mountain: Practical CI/CD Attacks Using CI/CD Goat
Omer GilAsaf Greenholts
BSides Las Vegas · 2022
TechnicalDevSecOpsSupply Chain SecurityRedDemo
Open →2022-09
27:37
Overwatch: A serverless approach to orchestrating your security automation
Sanchay Jaipuriyar
BSidesSF · 2023
TechnicalDevSecOpsTalk
Open →2023-05
7:08:41
BSidesPDX 2025 - Saturday, Track 1
BSides PDX · 2025
Open →2025-10
43:58
Attacking & Defending Supply Chains: How we got Admin in your Cloud, Again
Mike Ruth
BSidesSF · 2024
TechnicalCloud IAMSupply Chain SecurityTalk
Open →2024-07
35:19
GitOops! All Paths Lead To Clouds
Alex Kaskasoli
BSides London · 2022
TechnicalTalk
Open →2022-01
50:48
BSidesSF 2023 - Securing the Pipeline: Protecting Self-Hosted GitHub Runners (Adnan Khan)
Adnan Khan
BSidesSF · 2023
TechnicalDevSecOpsSupply Chain SecurityTalk
Open →2023-05
41:37
Getting Things Fixed: Security Wins and Fails
Scott Piper
BSides SLC · 2025
War StoriesCloud IAMVulnerability ResearchKeynote
Open →2025-06
49:30
Infrastructure as RCE: How to abuse Terraform to elevate access
Mike McCabe
BSides NYC · 2023
TechnicalCloud IAMDevSecOpsVulnerability ResearchRedTalk
Open →2023-06
44:08
From Soup To Nuts: Building A Detection-as-Code Pipeline - David French
David French
BSides Dublin · 2024
TechnicalDetection EngineeringIntermediaryBlueTalk
Open →2024-06
42:58
Breaking Build: Red Teaming CI/CD Pipelines and GitHub Actions [BSidesPDX 2024]
Craig Wright
BSides PDX · 2024
TechnicalDevSecOpsRedTalk
Open →2024-11
53:45
Signing your code the easy way
Oren Novotny
BSides DC · 2019
TechnicalDevSecOpsSupply Chain SecurityTalk
Open →2019-11
1:00:18
Scaling the Security Researcher to Eliminate OSS Vulnerabilities
Jonathan Leitschuh
Bsides CT · 2023
ResearchTechnicalSupply Chain SecurityToolingVulnerability ResearchCase Studies and Incidents AnalysisTechnical Deep-divesKeynote
Open →2023-10
47:23
Open Source GitOps for Detection Engineering
Zach Wasserman
BSides Las Vegas · 2023
TechnicalDetection EngineeringDevSecOpsBlueDemoTalk
Open →2023-10
42:06
Attacking Pipelines: Large Scale Exploitation of Workflow Files - David, Rohan & Andrei
BSides Cape Town
Open →2025-04
20:13
Are your GitHub Actions secure?
Luís Fontes
BSides Lisbon · 2022
TechnicalDevSecOpsSupply Chain SecurityRedTalk
Open →2023-01
48:01
Action Anomalies: A Hacker's Guide to Github Actions
Elliot Ward
BSides Tallinn · 2024
TechnicalDevSecOpsSupply Chain SecurityVulnerability ResearchCase Studies and Incidents AnalysisTechnical Deep-divesTalk
Open →2024-10
36:55
Detection-as-Code: Scaling SOC Operations
Aaron Wilkinson
BSides Belfast
TechnicalBlueTalk
Open →2025-02
48:52
Deception for the Win in 2023 and Beyond
Tim Crothers
BSides Augusta · 2023
TechnicalTalk
Open →2023-10
32:45
Chris Farris - The Cloud is Dark and Full of Terrors
BSides Augusta
Open →2021-10
24:39
Why I am (still) finding secrets in your code
Luke Marshall
BSides Canberra · 2025
ResearchTechnicalDevSecOpsSupply Chain SecurityVulnerability ResearchBlueCase Studies and Incidents AnalysisEmpirical Research+1
Open →2025-12
39:15
Pipeline Pandemonium: How to Hijack the Cloud and Make it Rain Insecurity
Blake Hudson
BSides Las Vegas · 2024
TechnicalCloud IAMDevSecOpsSupply Chain SecurityRedCase Studies and Incidents AnalysisTechnical Deep-divesTalk
Open →2024-09
38:33
BSidesBUD2022: Github Actions Security Landscape
Alex IlgayevIlia Shkolyar
BSides Budabest · 2022
TechnicalDevSecOpsSupply Chain SecurityEmpirical ResearchTechnical Deep-divesTalk
Open →2023-06
28:09
My CI/CD Pipeline Contains All Security Tools Available! Now What...?
Jasmin Mair
BSides Munich
TechnicalDevSecOpsSupply Chain SecurityThreat ModelingTalk
Open →2023-10
46:04
Broken links — Behind the scenes of Supply Chain breaches
François Proulx
BSides NYC · 2023
TechnicalSupply Chain SecurityCase Studies and Incidents AnalysisMethodologyTalk
Open →2023-06
12:30
Tales from the DevSecOps world: SIEM completely as Code
George TsigourakosKyriaki SolomidouJohn Torakis
BSides Athens · 2022
TechnicalDevSecOpsTalk
Open →2022-06
39:38
Securing Cloud Delivery Pipelines — Findings From A Blue/Red Team Security Simulation
Foo Meden
BSides London · 2022
TechnicalPurpleTalk
Open →2022-01
39:56
Red Team infrastructure and payload development automation
André Lima
BSides Oslo · 2023
TechnicalAdvancedRedTalk
Open →2025-07
24:34
BSidesSF 2023 - How do you trust your open source software? (Naveen Srinivasan, Brian Russell)
Naveen SrinivasanBrian Russell
BSidesSF · 2023
TechnicalSupply Chain SecurityTalk
Open →2023-05
39:47
Github Actions Security Landscape by Alex Ilgayev
Alex Ilgayev
BSides Dublin · 2023
TechnicalDevSecOpsTalk
Open →2023-07
46:04
Whose Pipeline Is It Anyway?: Attacks and Defenses in the World of CI/CD
Matt BosackZach Satterly
BSides Philly · 2023
TechnicalDevSecOpsSupply Chain SecurityBlueRedTalk
Open →2024-01
49:05
The Hackers Guide To Software Supply Chain Attacks
Mackenzie Jackson
BSides Cheltenham
TechnicalSupply Chain SecurityTalk
Open →2024-07
22:57
Actions Have Consequences: The Overlooked Security Risks in 3rd Party GitHub Actions
Yaron Avital
BSides Las Vegas · 2023
TechnicalDevSecOpsSupply Chain SecurityTalk
Open →2023-10
39:54
Rooting out Security Risks Lurking in your CI/CD Pipelines
Vasant Chinnipilli
BSides Berlin · 2021
TechnicalContainer SecurityDevSecOpsSupply Chain SecurityTalk
Open →2021-09
34:22
Building vs Buying: A Tale of Developing an In-House SCA Tool
Diogo LemosFábio Pinto
BSides Lisbon · 2025
TechnicalDevSecOpsSupply Chain SecurityBlueDemoTalk
Open →2026-01
24:28
Compromising GitHub repositories through the actions dependency tree
Asi Greenholts
BSides TLV · 2024
TechnicalSupply Chain SecurityRedDemoTalk
Open →2024-08
28:39
A New XZ Every Day – The Collapse of OSS Supply Chain Security
Paul Novarese
BSides SLC · 2025
TechnicalSupply Chain SecurityCase Studies and Incidents AnalysisTalk
Open →2025-06
17:10
From Keyless to Careless: Abusing Misconfigured OIDC Authentication in Cloud Environments
Christophe Tafani-Dereeper
BSides Las Vegas · 2024
TechnicalCI/CD SecurityCloud IAMVulnerability ResearchIntermediaryRedCase Studies and Incidents AnalysisTechnical Deep-dives+1
Open →2024-09
27:26
Shift Left With DevSecOps: Scanning Every Single Code Change
Avinash Jain
BSides Charlotte · 2020
TechnicalDevSecOpsTalk
Open →2020-10
14:48
Why You Must Make Your DEV Team Formally Verify Their New Feature Before Deployment
Rahul Balaji
BSides Leeds
TechnicalTalk
Open →2025-08
28:26
Chasing Whispers: A Pragmatic Review of Adversary Emulation Processes
Kyle Smith
BSides Charleston · 2024
TechnicalDetection EngineeringThreat IntelThreat ModelingPurpleTalk
Open →2024-11
53:09
Hacking GitHub Actions: Abusing GitHub and Azure for fun and profit
Magno Logan
BSides Buffalo · 2023
TechnicalCloud IAMDevSecOpsSupply Chain SecurityAdvancedRedTalk
Open →2023-06
53:25
Threat Modeling the Github Actions Ecosystem
Natalie Somersall
BSides Boulder · 2023
TechnicalDevSecOpsSupply Chain SecurityTalk
Open →2024-02
31:24
BSidesSF 2025 - Resilience in the Uncharted AI Landscape (Ranita Bhattacharyya)
Ranita Bhattacharyya
BSidesSF · 2025
Talk
Open →2025-06
26:35
Developers, the weakest link in the supply chain?
David Leadbeater
BSides Canberra · 2025
TechnicalSupply Chain SecurityVulnerability ResearchTechnical Deep-divesTalk
Open →2025-12
19:12
Raiders of the Lost Artifacts: Racing for Hidden Treasures in Public GitHub Repositories
Yaron Avital
BSides Las Vegas · 2024
TechnicalDevSecOpsSupply Chain SecurityVulnerability ResearchAdvancedRedCase Studies and Incidents AnalysisTechnical Deep-dives+1
Open →2024-09
27:46
Attacking Secrets in Cloud-based Applications
Artëm Tsvetkov
BSides Barcelona · 2021
TechnicalCloud IAMTalk
Open →2022-01
50:22
Securing your Open Source Project
Jose Palafox
BSides PDX · 2023
TechnicalSupply Chain SecurityTalk
Open →2023-10
47:01
Do you know where your secrets are? Exploring the problem of secret sprawl and management maturity
BSides Dallas/Fort Worth
Open →2024-01
24:13
The Dark Playground of CI/CD: Attack Delivery by GitHub Actions
Yusuke KuboKiyohito Yamamoto
BSides Las Vegas · 2023
ResearchDevSecOpsSupply Chain SecurityVulnerability ResearchAdvancedRedCase Studies and Incidents AnalysisTechnical Deep-dives+1
Open →2023-10
34:36
What exactly is Supply-chain Levels for Software Artifacts (SLSA)?
Nicole Schwartz
BSides Edmonton · 2023
TechnicalDevSecOpsSupply Chain SecurityTalk
Open →2023-10
28:48
Docker To The Security by Sean Wright
Sean Wright
BSides Leeds · 2023
Talk
Open →2023-07
16:56
Sajeeb Lohani - Efficient Defence Turbocharging Security Workflows
Sajeeb Lohani
BSides Perth · 2025
Talk
Open →2025-10
25:45
Building a sustainable detector development lifecycle
Paul Ihme
BSides Charleston · 2022
Talk
Open →2023-01
23:50
Tag, You're Leaked: Surviving the tj-actions Supply Chain Attack
Mark EslerAshish Kurmi
BSides PDX 2025
TechnicalDevSecOpsSupply Chain SecurityCase Studies and Incidents AnalysisTalk
Open →2025-12
52:06
Improve the identification of vulnerabilities in your project with just few commands
Filipi Pires
BSides SATX · 2021
TechnicalDemo
Open →2021-06
21:34
Bad Vibes, Good Job Security? The Future Of Security In An AI Saturated World - Katie Paxton-Fear
Katie Paxton-Fear
BSides Leeds · 2026
Open →2025-08
23:36
Establishing Trust In Artifacts With Provenance
Ralph Bean
BSides Buffalo · 2025
TechnicalDevSecOpsSupply Chain SecurityTalk
Open →2025-06
34:47
BSidesNcl 2021 Automating Application Security Ayush Priya
BSides Newcastle
Open →2021-10
33:31
Security in Continuous Delivery Pipelines
Sam Hogy
BSides Newcastle · 2020
TechnicalDevSecOpsThreat ModelingTalk
Open →2020-11
21:10
The Art of Concealment: CVE's Challenge with Transparency
Jerry Gamblin
BSides Las Vegas · 2025
ResearchTechnicalThreat IntelVulnerability ResearchTalk
Open →2025-12