Cider Blog

Our Thoughts and Insights on Application Security

How we Abused Repository Webhooks to Access Internal CI Systems at Scale

Huge thanks to Yaron Avital, Tyler Welton and Daniel Krivelevich for their contribution to this research. Intro: As adoption of CI systems and processes becomes more...
Bypassing required reviews using GitHub Actions
A newly discovered security flaw in GitHub allows leveraging GitHub Actions to bypass the required reviews mec...
Cider Security has been acquired by Palo Alto Networks