actsense - GitHub Actions Workflow Auditor
Event
Audience: Security Engineers, DevSecOps, Developers, CI/CD and Platform teams
Duration: Arsenal (tooling session)
Black Hat Arsenal demo of actsense (source) for comprehensive security review of GitHub Actions workflows: dependency and workflow risk, and practical hardening for teams that ship through Actions at scale.
In this session we show how the tool surfaces risk in .github/workflows and streamlines review for security and platform teams.