Comment by woodruffw
4 days ago
I personally find this pretty concerning: GitHub Actions already has a complex and opaque security model, and adding LLMs into the mix seems like a perfect way to keep up the recent streak of major compromises driven by vulnerable workflows and actions.
I would hope that this comes with major changes to GHA’s permissions system, but I’m not holding my breath for that.
No comments yet
Contribute on Hacker News ↗