Do you want #OpenTelemetry support in #GitHubActions?

Since GitHub is asking for input on their GitHub Actions roadmap, maybe upvoting github.com/orgs/community/discussio... will give them a nudge to implement it. 😄

What’s coming to our GitHub Actions 2026 security roadmap - Feedback & Suggestions · community · Discussion #190621 🏷️ Discussion Type Product Feedback 💬 Feature/Topic Area Other Discussion Details We recently published a blog post outlining capabilities GitHub is actively investing in and developing for Actions...

Do you want #OpenTelemetry support in #GitHubActions?

Since GitHub is asking for input on their GitHub Actions roadmap, maybe upvoting github.com/orgs/communi... will give them a nudge to implement it. 😄

Github Actions

GitHub Actions คืออะไร

อ่านต่อ : www.blockdit.com/posts/69c686...

#ShoperGamer #Github #GithubActions #CI #CD #Workflows #SelfhostRunner #Automate #Study #Knowledge #Feed

GitHub Actions Changed Pricing in 2026 — Here's Exactly What You're Paying Now In January 2026, GitHub updated their Actions runner pricing. Most teams didn't notice. Here's...

GitHub Actions Changed Pricing in 2026 — Here's Exactly What You're Paying Now In January 2026, GitHub updated their Actions runner pricing. Most teams didn't notice. Here's exact...

#githubactions #cicd #devops #webdev

Origin | Interest | Match

No More Silent Analytics Bugs: All it Takes is One SDK and One Github Action | HackerNoon Avoid silent analytics bugs by using two Open Source tools. First, get free from vendor lock-in by replacing the vendor analytics SDKs with RudderStack SDK that

No More Silent Analytics Bugs: All it Takes is One SDK and One Github Action #Technology #SoftwareEngineering #Other #Analytics #SoftwareDevelopment #GitHubActions

hackernoon.com/no-more-silent-analytics...

No More Silent Analytics Bugs: All it Takes is One SDK and One Github Action

Avoid silent analytics bugs by using two Open Source tools. First, get free from vendor lock-in by replacing the vendor analytics SDKs with RudderStack SDK that #githubactions

TeamPCP expands: Supply chain compromise spreads from Trivy to Checkmarx GitHub Actions TeamPCP compromised Aqua Security's trivy-action and injected a credential-stealing payload that harvested CI runner memory, queried cloud instance metadata, enumerated webhook URLs, and exfiltrated encrypted secrets to typosquat domains. The identical stealer appeared days later in Checkmarx's ast-github-action (v2.3.28), indicating stolen credentials from the Trivy compromise were used to poison additional GitHub Actions; #TeamPCP #Trivy

TeamPCP compromised Aqua Security’s Trivy GitHub Action by injecting a credential-stealing payload that harvested secrets from CI runners. The same stealer hit Checkmarx’s GitHub Action days later, spreading the attack. #SupplyChain #GitHubActions

⚙️ Automatiza tu código desde el día 1 con GitHub Actions

github.blog/developer-skills/github/...

#GitHub #GitHubActions #DevOps #Programación

Teampcp Hacks Checkmarx via Stolen CI
Read More: buff.ly/6nVcv6O

#TeamPCP #Checkmarx #GitHubActions #CICDSecurity #SupplyChainAttack #SecretsTheft #Typosquatting #DevSecOps

Trivy was compromised AGAIN! A security scanner designed to protect your CI/CD became the attack vector, stealing credentials. Are your pipelines safe?

thepixelspulse.com/posts/trivy-github-actio...

#trivy #aquasecurity #githubactions

Trivy GitHub Action Breach Hits CI/CD
Read More: buff.ly/tfZnIy8

#Trivy #AquaSecurity #GitHubActions #CICDSecurity #SupplyChainAttack #SecretsTheft #DevSecOps #InfosecNews

GitHub Actions のコストが思ったより高かったので ## 2. ランナー単価の最適化 次に見直したのが ランナー単価 です。 ランナーの確認をしたところ、一部ワークフローが、高スペックのカスタムランナー で動いていることを発見しました。 この高スペックのカスタムランナーに変更した当時は在籍していなかったため、経緯を確認したところ、過去に “安定性を優先して” 導入していたとのことでした。 ### ubunts-latestへの移行 コスト内訳を調べたところ、このカスタムランナーがコストの大半を占めていました。 本当にこのランナーじゃないと動かないのか？と再度検証したところ、当時問題だった メモリ不足 テストの不安定さ とい

GitHub Actionsのコスト削減は実行時間より「ランナー単価」と「実行回数」の見直しが最短です。

・カスタムランナーをubuntu-latestへ移行
・RenovateのCI実行を抑制

この2点で月間コスト38%削減。

#GitHubActions #CIコスト削減

Trivy Breached Twice in a Month via GitHub Actions Attackers have hijacked 75 of 76 GitHub Actions tags for Aqua Security's Trivy scanner, distributing credential-stealing malware through CI/CD pipelines.

winbuzzer.com/2026/03/23/t...

Trivy Breached Twice in a Month via GitHub Actions

#GitHub #GitHubActions #Cybersecurity #Malware #Cybercrime #SecurityBreach #OpenSource #Hackers #npm #Javascript #SoftwareDevelopment #CloudComputing #DataBreaches #Trivy #AquaSecurity #TeamPCP #CanisterWorm

Trivy's supply chain hit AGAIN! Attackers force-pushed infostealer malware to 75 Git tags, exploiting persistent credentials & mutable versioning. A critical lesson in CI/CD security.

thepixelspulse.com/posts/trivy-supply-chain...

#trivy #aquasecurity #githubactions

Trivy's GitHub Actions compromised again, exposing CI/CD secrets. Developers urged to enhance security measures. #CyberSecurity #DevSecOps #CI/CD #GitHubActions Link: thedailytechfeed.com/trivys-githu...

Delete old GitHub Actions artifacts with PowerShell My GitHub Actions artifact usage was nearing the maximum quota for the month, so I needed a script to delete old artifacts

Blogged: Delete old GitHub Actions artifacts with PowerShell

david.gardiner.net.au/2026/03/dele...

#GitHub #GitHubActions #PowerShell

2026年3月19日の Trivy 再侵害の概要と対応指針 2026年3月19日、Aqua Security が提供するOSSセキュリティスキャナ Trivy のエコシステムが、3週間以内に2度目のサプライチェーン攻撃を受けました。攻撃者は aquasecurity/setup-trivy および aquasecurity/trivy-action の2つのGitHub Actionsに悪意あるコードを注入し、これらを利用するCI/CDパイプラインからクレデンシャルを大規模に窃取するペイロードを配布しました。

【セキュリティ警告】CI/CDツール「Trivy」のGitHub Actionsが侵害されたようです。攻撃者がタグを強制更新し、悪意あるコードを配信。CI/CDパイプライン上のシークレット情報が流出する恐れあり。

GitHub Actions利用者は即座にログ確認と認証情報のローテーションを！

#セキュリティ #DevSecOps #CI/CD #GitHubActions

https://diary.shift-js.info/trivy-compromise/

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware that stole sensitive CI/CD secrets. The latest incident impacted GitHub Actions "aquasecurity/trivy-action" and "aquasecurity/setup-trivy," which are used to scan Docker container images for vulnerabilities and set up GitHub Actions workflow

iT4iNT SERVER Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets VDS VPS Cloud #Trivy #Security #GitHubActions #CyberSecurity #DevOps

⚙️ GitHub para Principiantes: Primeros Pasos con GitHub Actions

Configura tu primer flujo de trabajo de GitHub Actions con esta guía.

github.blog/developer-skills/github/...

#GitHubActions #CI_CD #Automation #RoxsRoss

Okay, GitHub Actions is getting a bunch of backend updates in late March 2026. Looks like they're focusing on performance and reliability behind the scenes. Fingers crossed this means fewer mysterious job failures for my CI/CD pipelines. 🤞 #GitHubActions

Finally, a beginner's guide to GitHub Actions that doesn't assume I'm already a wizard! 🧙‍♂️ This walkthrough on automating issue labeling is actually pretty straightforward. Might finally get those pesky 'needs triage' labels sorted. #GitHubActions #Automation

Anyone Can Build a Flutter App. Not Everyone Can Ship It Without Touching a Button. A senior Flutter engineer doesn’t just write code — they own the pipeline that takes code from a Git push to a live App Store release…

I just published Anyone Can Build a Flutter App.
Not Everyone Can Ship It Without Touching a Button. medium.com/p/anyone-can...
#Flutter #FlutterDev #CICD #Fastlane #GitHubActions #FlutterFlavors #CodeSigning #DartDefine #FirebaseAppDistribution #TestFlight #PlayStore #FlutterInterview

Just a moment...

Modernize your .NET app deployment with trusted NuGet publishing using GitHub Actions! Learn to automate, secure, and streamline your workflows. Boost efficiency and reliability.#DotNet #GitHubActions

How To Publish To NPM From GitHub Actions At the end of 2025, NPM registry revoked all personal NPM tokens that I used to publish new NPM package releases. This change improves the security of the entire NPM publishing workflow, but has disru

How to Publish to npm From GitHub Actions, by @bahmutov@fosstodon.org:

https://glebbahmutov.com/blog/npm-publish-from-github/

#howtos #npm #githubactions

New demo 🎥

Automate open source scanning in GitHub by running SCANOSS in a GitHub Actions workflow.

Set up the workflow, configure parameters, trigger scans, and review detection results — all inside your CI pipeline.

Watch → youtu.be/7qfOoXGj0aA

#SCANOSS #GitHubActions #DevSecOps

Lessons learned modernizing Apache Kafka CI builds with Develocity and GitHub Actions | Gradle Technologies Get the lessons-learned from the migration from Apache Kafka's migration from Jenkins to GitHub Actions, including how Develocity helped quantify performance gains and prove ROI.

In 1 hour! ⏰

Hear how Apache #Kafka went from 8 to 2 hour builds by migrating from #Jenkins to #GitHubActions with #Develocity.

Save your seat 👇
gradle.com/events/modernizing-apach...

#CI #modernization

GitHub Actions: Basics Learn GitHub Actions fundamentals - workflows, jobs, actions, and artifact sharing with modern best practices.

⚡ NEW: GitHub Actions Basics for DevOps!

CI/CD pipelines, workflows, secrets & self-hosted runners. Automate your deployments with GitHub's native CI/CD.

📖 Read: devopstales.github.io/devops/githu...

#GitHubActions #CICD #DevOps #Automation

【2026年の大改定】GitHub Actions君、値下げとセルフホスト有料 ... このように、同じ4コアのマシンを使っても、スイッチを「ARM」に切り替えるだけでコストが 1/3 カット されます。 さらに衝撃的なのが Windows 環境です。 | OS / アーキテクチャ | 改定後の料金 (1分あたり) | x64との価格差 | --- | Windows x64 (4-core) | $0.022 | Windows ARM (4-core) | $0.014 | 36% 安い | Windows環境においても、ARM版を選ぶだけで約4割近いコスト削減になります。 ### なぜこれが「誘導」なのか？ クラウドプロバイダー（AzureやAWS）にとっ

GitHub ActionsのランナーをARMへ切り替えるだけでコストが最大1/3に。単なる値下げを超え、x64からの強制移行を促す強烈な方針転換です。セルフホスト維持費がクラウド代を上回る今、ワークフローのアーキテクチャを即座に見直すべきです。

#GitHubActions #CI/CD

AI-Powered Bot Compromises GitHub Actions Workflows Across Microsoft, DataDog, and CNCF Projects AI-powered bot hackerbot-claw exploited GitHub Actions workflows across Microsoft, DataDog, and CNCF projects over 7 days using 5 attack techniques. Bot achieved RCE in 5 of 7 targets, stole GitHub to...

An AI-powered bot systematically exploited GitHub Actions across Microsoft, DataDog, and CNCF repos; 5 out of 7 targets compromised. Turns out CI/CD pipelines have their own version of injection attacks, and most teams aren't ready for them. #githubactions #aisecurity www.infoq.com/news/2026/03...

Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets Researchers uncovered five malicious Rust crates on crates.io that masqueraded as time-related utilities and exfiltrated .env file data to threat actor-controlled infrastructure. The campaign (notably chrono_anchor) impersonated timeapi.io via timeapis[.]io, and a related AI-powered attack using hackerbot-claw exploited GitHub Actions to compromise Aqua Security’s Trivy extension (CVE-2026-28353), leading to removals and...

Five malicious Rust crates disguised as time utilities stole .env data by mimicking timeapi.io. An AI bot exploited GitHub Actions to hijack Aqua Security’s Trivy (CVE-2026-28353), prompting removals and audits. #RustSecurity #GitHubActions #USA