
tj-actions with Endor Labs' Dimitri Stiliadis

Apr 28, 2025 · 33 min

Episode description

Dimitri Stiliadis, CTO of Endor Labs, discusses the recent tj-actions/changed-files supply chain attack, in which a compromised GitHub Action exposed CI/CD secrets. We explore the impressive multi-stage attack vector and the broader, often-overlooked vulnerabilities in our CI/CD pipelines, emphasizing the need to treat these build systems with production-level security rigor instead of ignoring them.

 

The show notes and blog post for this episode can be found at
https://opensourcesecurity.io/2025/2025-04-tjactions_with_dimitri_stiliadis/
