{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreic6edarfllxixet6kf34svomg6llqcs3prpfxld64tymujo3ffrtm",
    "uri": "at://did:plc:gapzbf5nl5wxaqkqoecaeawh/app.bsky.feed.post/3mk2htv4tz5o2"
  },
  "path": "/critical-microsoft-github-flaw-highlights-dangers-to-ci-cd-pipelines-tenable/",
  "publishedAt": "2026-04-21T16:28:21.000Z",
  "site": "https://devops.com",
  "tags": [
    "Blogs",
    "CI/CD",
    "Continuous Delivery",
    "DevOps and Open Technologies",
    "DevSecOps",
    "Features",
    "GitOps",
    "News",
    "Social - Facebook",
    "Social - LinkedIn",
    "Social - X",
    "Aqua Security Trivy",
    "CI/CD cyberthreats",
    "exposed secrets",
    "GitHub Actions",
    "IANS Research",
    "malicious code",
    "microsoft",
    "OWASP Top 10",
    "remote code execution",
    "software development security",
    "software supply chain attacks",
    "software vulnerabilities",
    "Tenable"
  ],
  "textContent": "A critical vulnerability in a popular Microsoft GitHub repository could allow a threat actor to easily exploit its CI/CD infrastructure to run arbitrary code in the repository and gain access to secrets, according to researchers with cybersecurity firm Tenable. In an advisory issued April 21, Rémy Marot, staff research engineer at Tenable, wrote that “by […]",
  "title": "Critical Microsoft GitHub Flaw Highlights Dangers to CI/CD Pipelines: Tenable"
}