Raima Zachariah

2022

• Characterizing the Security of GitHub CI Workflows

  Proceedings of the USENIX Security Symposium

  Igibek Koishybayev, Aleksandr Nahapetyan, Raima Zachariah, Siddharth Muralee, Bradley Reaves, Alexandros Kapravelos, and Aravind Machiry

  PDF Video Slides

  99.8% of 447,238 GitHub CI workflows are overprivileged and 97% of repositories execute Actions from unverified creators, exposing systemic supply chain attack vectors.