[1] | Oracle (2024) What is DevOps? https://www.oracle.com/devops/what-is-devops/
|
[2] | Wikipedia (2024) GitHub. https://en.wikipedia.org/w/index.php?title=GitHub&oldid=1196345392
|
[3] | GitHub Resources (2024) DevSecOps Explained. https://resources.github.com/devops/fundamentals/devsecops/
|
[4] | Jenkins (2024) https://www.jenkins.io/
|
[5] | Travis CI (2024) Test and Deploy with Confidence. https://www.travis-ci.com/
|
[6] | Circle CI (2024) Build Anything Fast. The CI/CD Platform for the AI Future. https://circleci.com/
|
[7] | GitLab (2024) GitLab CI-Documentation. https://docs.gitlab.com/ee/ci/
|
[8] | GitHub (2024) What is Github Actions? https://web.archive.org/web/20211203130324/ https://resources.github.com/downloads/What-is-GitHub.Actions_.Benefits-and-examples.pdf
|
[9] | Stawinski IV, J. (2024) Fixing Typos and Breaching Microsoft’s Perimeter. https://johnstawinski.com/2024/04/15/fixing-typos-and-breaching-microsofts-perimeter/
|
[10] | GitHub (2024) GitHub Marketplace-GitHub Actions. https://github.com/marketplace?category=&query=updated:>2023-07-21 sort:popularity-desc&type=actions&verification
|
[11] | GitHub (2024) Understanding GitHub Actions. https://docs.github.com/en/actions/learn-github-actions/understanding-github-actions
|
[12] | Epling, J. (2024) Powering Community-Led Innovation with GitHub Actions. https://github.blog/2019-11-14-powering-community-led-innovation-with-github-actions/
|
[13] | Smart, I. and Gazdag, V. (2024) RCE-as-a-Service: Lessons Learned from 5 Years of Real-World CI/CD Pipeline Compromise. https://www.blackhat.com/us-22/briefings/schedule/#rce-as-a-service-lessons-learned-from-5-years-of-real-world-cicd-pipeline-compromise-27541
|
[14] | Stawinski IV, J. (2024) Playing with Fire—How We Executed a Critical Supply Chain Attack on Pytorch. https://johnstawinski.com/2024/01/11/playing-with-fire-how-we-executed-a-critical-supply-chain-attack-on-pytorch/
|
[15] | Khan, A. (2024) One Supply Chain Attack to Rule Them All—Poisoning GitHub’s Runner Images. https://adnanthekhan.com/2023/12/20/one-supply-chain-attack-to-rule-them-all/
|
[16] | GitHub (2024) Events that Trigger Workflows. https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows
|
[17] | Chandramouli, R., Kautz, F. and Torres-Arias, S. (2024) Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-204D.pdf
|
[18] | Pan, Z., et al. (2023) Ambush from All Sides: Understanding Security Threats in Open-Source Software CI/CD Pipelines. IEEE Transactions on Dependable and Secure Computing, 21, 403-418. https://ieeexplore.ieee.org/abstract/document/10061526
|
[19] | Koishybayev, I., Nahapetyan, A., Zachariah, R., Muralee, S., Reaves B., Kapravelos A. and Machiry, A. (2022) Characterizing the Security of Github CI Workflows. Proceedings of the 31st USENIX Symposium, Boston, 10-12 August 2022, 2747-2763.
|
[20] | Dakic, V., Redzepagic, J. and Basic, M. (2024) CI/CD Toolset Security. Proceedings of the 33rd DAAAM International Symposium on Intelligent Manufacturing and Automation, Vienna, 27-28 October 2022, 161-164. https://www.daaam.info/Downloads/Pdfs/proceedings/proceedings_2022/working_papers/dpn34029_a_2_Dakic.pdf
|
[21] | Praetorian Inc. (2024) Gato (GitHub Attack Toolkit). https://github.com/praetorian-inc/gato
|
[22] | Ubicloud (2024) Open, Free, and Portable Cloud. Elastic Compute, Block Storage (Non Replicated), Virtual Networking, Managed Postgres, and IAM Services in Public Beta. https://github.com/ubicloud/ubicloud
|
[23] | StepSecurity (2024) Secure Your GitHub Actions with StepSecurity Platform. https://www.stepsecurity.io/
|
[24] | Kumar, P. (2024) Sher. https://github.com/pranau97/sher?tab=readme-ov-file#tiger-sher
|
[25] | GitHub (2024) About GitHub Marketplace for Apps. https://docs.github.com/en/apps/github-marketplace/github-marketplace-overview/about-github-marketplace-for-apps
|
[26] | Ramírez, S. (2024) FastAPI. https://fastapi.tiangolo.com/
|
[27] | HashiCorp (2024) Vagrant by HashiCorp. https://www.vagrantup.com/
|
[28] | Github (2024) About Billing for GitHub Actions. https://docs.github.com/en/billing/managing-billing-for-github-actions/about-billing-for-github-actions
|
[29] | Sharma, A. (2024) GitHub Actions Being Actively Abused to Mine Cryptocurrency on GitHub Servers. https://www.bleepingcomputer.com/news/security/github-actions-being-actively-abused-to-mine-cryptocurrency-on-github-servers/
|