https://edu.chainguard.dev/tags/chainguard-actions/Recent content in Chainguard Actions onHugo -- gohugo.ioenCopyright (c) 2023 ChainguardThu, 30 Apr 2026 12:00:00 +0000https://edu.chainguard.dev/software-security/learning-labs/ll202604/Thu, 30 Apr 2026 12:00:00 +0000https://edu.chainguard.dev/software-security/learning-labs/ll202604/<p>The April 2026 Learning Lab with Erika Heidi goes through how attackers exploit vulnerable GitHub Actions workflows, and how Chainguard can protect your CI/CD pipelines from these threats. <div style="position: relative; padding-bottom: 56.25%; height: 0; overflow: hidden;"> <iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share; fullscreen" loading="eager" referrerpolicy="strict-origin-when-cross-origin" src="https://www.youtube.com/embed/D9tORVR4H9g?autoplay=0&amp;controls=1&amp;end=0&amp;loop=0&amp;mute=0&amp;start=0" style="position: absolute; top: 0; left: 0; width: 100%; height: 100%; border:0;" title="YouTube video"></iframe> </div> </p> <h2 id="sections" class="heading-2" data-heading-level="2"> <span class="heading-text">Sections</span> <a href="#sections" class="anchor" aria-label="Link to Sections" title="Link to this section"> <svg width="16" height="9" viewBox="0 0 16 9" fill="none" xmlns="http://www.w3.org/2000/svg" aria-hidden="true"> <path d="M6.833 8.125H4C3 8.125 2.146 7.77067 1.438 7.062C0.729333 6.354 0.375 5.5 0.375 4.5C0.375 3.5 0.729333 2.646 1.438 1.938C2.146 1.22933 3 0.875 4 0.875H6.833V1.958H4C3.30533 1.958 2.708 2.208 2.208 2.708C1.708 3.208 1.458 3.80533 1.458 4.5C1.458 5.19467 1.708 5.792 2.208 6.292C2.708 6.792 3.30533 7.042 4 7.042H6.833V8.125ZM5.208 5.042V3.958H10.792V5.042H5.208ZM9.167 8.125V7.042H12C12.6947 7.042 13.292 6.792 13.792 6.292C14.292 5.792 14.542 5.19467 14.542 4.5C14.542 3.80533 14.292 3.208 13.792 2.708C13.292 2.208 12.6947 1.958 12 1.958H9.167V0.875H12C13 0.875 13.854 1.22933 14.562 1.938C15.2707 2.646 15.625 3.5 15.625 4.5C15.625 5.5 15.2707 6.354 14.562 7.062C13.854 7.77067 13 8.125 12 8.125H9.167Z" fill="currentColor"/> </svg> </a> </h2><ul> <li><a href="https://www.youtube.com/watch?v=D9tORVR4H9g">0:00</a> Introduction and agenda</li> <li><a href="https://www.youtube.com/watch?v=D9tORVR4H9g&amp;t=331s">5:31</a> Timeline of CI/CD software supply chain incidents</li> <li><a href="https://www.youtube.com/watch?v=D9tORVR4H9g&amp;t=685s">11:25</a> Open Source and CI/CD as the new target</li> <li><a href="https://www.youtube.com/watch?v=D9tORVR4H9g&amp;t=767s">12:47</a> 2026: the year of AI-assisted attacks</li> <li><a href="https://www.youtube.com/watch?v=D9tORVR4H9g&amp;t=916s">15:16</a> Unpacking the Trivy Compromise</li> <li><a href="https://www.youtube.com/watch?v=D9tORVR4H9g&amp;t=1197s">19:57</a> Secret exfiltration live demo</li> <li><a href="https://www.youtube.com/watch?v=D9tORVR4H9g&amp;t=2177s">36:17</a> What could unfold from here</li> <li><a href="https://www.youtube.com/watch?v=D9tORVR4H9g&amp;t=2344s">39:04</a> Strategies to mitigate risks</li> <li><a href="https://www.youtube.com/watch?v=D9tORVR4H9g&amp;t=2364s">39:24</a> Repository inspection for insecure defaults</li> <li><a href="https://www.youtube.com/watch?v=D9tORVR4H9g&amp;t=2643s">44:03</a> Minimize attack surface</li> <li><a href="https://www.youtube.com/watch?v=D9tORVR4H9g&amp;t=2928s">48:48</a> Pull from trusted sources</li> <li><a href="https://www.youtube.com/watch?v=D9tORVR4H9g&amp;t=3141s">52:21</a> Pin by digest</li> <li><a href="https://www.youtube.com/watch?v=D9tORVR4H9g&amp;t=3268s">54:28</a> Use short lived tokens (ban PATs)</li> <li><a href="https://www.youtube.com/watch?v=D9tORVR4H9g&amp;t=3332s">55:32</a> Use Chainguard Actions</li> <li><a href="https://www.youtube.com/watch?v=D9tORVR4H9g&amp;t=3535s">58:55</a> Closing notes</li> </ul> <h2 id="resources" class="heading-2" data-heading-level="2"> <span class="heading-text">Resources</span> <a href="#resources" class="anchor" aria-label="Link to Resources" title="Link to this section"> <svg width="16" height="9" viewBox="0 0 16 9" fill="none" xmlns="http://www.w3.org/2000/svg" aria-hidden="true"> <path d="M6.833 8.125H4C3 8.125 2.146 7.77067 1.438 7.062C0.729333 6.354 0.375 5.5 0.375 4.5C0.375 3.5 0.729333 2.646 1.438 1.938C2.146 1.22933 3 0.875 4 0.875H6.833V1.958H4C3.30533 1.958 2.708 2.208 2.208 2.708C1.708 3.208 1.458 3.80533 1.458 4.5C1.458 5.19467 1.708 5.792 2.208 6.292C2.708 6.792 3.30533 7.042 4 7.042H6.833V8.125ZM5.208 5.042V3.958H10.792V5.042H5.208ZM9.167 8.125V7.042H12C12.6947 7.042 13.292 6.792 13.792 6.292C14.292 5.792 14.542 5.19467 14.542 4.5C14.542 3.80533 14.292 3.208 13.792 2.708C13.292 2.208 12.6947 1.958 12 1.958H9.167V0.875H12C13 0.875 13.854 1.22933 14.562 1.938C15.2707 2.646 15.625 3.5 15.625 4.5C15.625 5.5 15.2707 6.354 14.562 7.062C13.854 7.77067 13 8.125 12 8.125H9.167Z" fill="currentColor"/> </svg> </a> </h2><ul> <li><a href="https://edu.chainguard.dev/downloads/learning-lab-securing-cicd-202604.pdf">Slide deck</a></li> <li><a href="https://edu.chainguard.dev/chainguard/chainguard-images/overview/">Chainguard Containers</a></li> <li><a href="https://edu.chainguard.dev/chainguard/libraries/overview/">Chainguard Libraries</a></li> <li><a href="https://www.chainguard.dev/actions">Chainguard Actions</a></li> <li><a href="https://github.com/marketplace/actions/update-the-image-digest">Digestabot</a></li> <li><a href="https://github.com/apps/octo-sts">Octo-STS</a></li> </ul>