github-actions-security-analysis
https://github.com/wspr-ncsu/github-actions-security-analysis
Science Score: 26.0%
This score indicates how likely this project is to be science-related based on various indicators:
- ○ CITATION.cff file
- ✓ codemeta.json file: Found codemeta.json file
- ✓ .zenodo.json file: Found .zenodo.json file
- ○ DOI references
- ○ Academic publication links
- ○ Academic email domains
- ○ Institutional organization owner
- ○ JOSS paper metadata
- ○ Scientific vocabulary similarity: Low similarity (5.1%) to scientific vocabulary
Repository
Basic Info
- Host: GitHub
- Owner: wspr-ncsu
- License: mit
- Language: JavaScript
- Default Branch: main
- Size: 561 MB
Statistics
- Stars: 10
- Watchers: 4
- Forks: 1
- Open Issues: 1
- Releases: 0
Metadata Files
README.md
GitHub Actions Security Analysis
Project Contents
- artifacts/ contains the dataset of workflows from public repositories that we crawled from GitHub
- gwchecker/ contains our action, which can be used to check the workflows inside a repository
- poc-actions/ contains proof-of-concept actions that can be used to circumvent security properties
Research Paper
Our work was published at USENIX Security '22 as the following paper:
Characterizing the Security of GitHub CI Workflows [PDF]
Igibek Koishybayev and Aleksandr Nahapetyan, North Carolina State University; Raima Zachariah, Independent Researcher; Siddharth Muralee, Purdue University; Bradley Reaves and Alexandros Kapravelos, North Carolina State University; Aravind Machiry, Purdue University
31st USENIX Security Symposium (USENIX Security 22)
@inproceedings {github-usenix22,
title = {Characterizing the Security of Github {CI} Workflows},
author = {Igibek Koishybayev and Aleksandr Nahapetyan and Raima Zachariah and Siddharth Muralee and Bradley Reaves and Alexandros Kapravelos and Aravind Machiry},
booktitle = {31st USENIX Security Symposium (USENIX Security 22)},
year = {2022},
isbn = {978-1-939133-31-1}
}
Owner
- Name: wspr-ncsu
- Login: wspr-ncsu
- Kind: organization
- Repositories: 21
- Profile: https://github.com/wspr-ncsu