Okay, but we can’t deploy to production because only engineers and ops can do that.
Credit: ExpressVPN
Performing indirect poisoned pipeline execution (I-PPE) by inserting malicious application dependencies or build instructions in a PR, hoping it will run automatically and allow the attacker to exfiltrate CI secrets
We would like to acknowledge contributions from the open source community, our partners in FFlabs and VideoLAN, and many Meta engineers, including Max Bykov, Jordi Cenzano Ferret, Tim Harris, Colleen Henry, Mark Shwartzman, Haixia Shi, Cosmin Stejerean, Hassene Tmar, and Victor Loh.