Comment by josephcsible
7 hours ago
Are any of them actually exploitable in the context of a GitLab runner that doesn't use them? This feels like a security company looking for ways to justify their existence.
Hey, I'm a co-founder of Bomfather. We just stumbled upon this problem when we were building our product. Our product doesn't actually secure this; the best solution is to just run your own private runner.