GitHub Actions, a popular CI/CD platform, introduces significant security challenges due to its integration with GitHub’s open ecosystem and its use of flexible workflow configurations. This paper presents Sher, a Python-based tool that enhances the security of GitHub Actions by automating the detection and remediation of security issues in workflows. Self-Hosted Ephemeral Runner, or Sher, acts as a broker between GitHub’s APIs and a customizable, isolated environment, analyzing workflows through a static rules engine and automatically fixing identified issues. By providing a secure, ephemeral runner environment and a dynamic analysis tool, Sher addresses common misconfigurations and vulnerabilities, contributing to the resilience and integrity of DevSecOps practices within software development pipelines.
On April 26, the first event of CIIS Dialogue was held under the theme of “An Equal and Orderly Multipolar World & A Universally Beneficial and Inclusive Economic Globalization: Implications and the Way Forward.” Officials of international organizations in China and renowned scholars at home and abroad had in-depth discussions on the two major Chinese propositions.