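GitHub is preparing a new feature to automate the most expensive work in DevOps: the invisible maintenance work that nobody wants to take on. Developers would rather build features than debug flaky continuous integration (CI) pipelines, triage low-quality issues, update outdated documentation, or fill persistent gaps in test coverage.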
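Author | Sergio De Simone; Translator | 明知山. GitHub recently launched a technical preview of Agentic Workflows. According to GitHub, this is a new approach that uses coding agents capable of understanding context and intent to automate complex, repetitive repository tasks. The technology enables workflows such as automatic issue triage and labeling, documentation updates, CI failure troubleshooting, test improvement, and report generation. We initially explored ...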
The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early September, confirming that the threat actors didn't abuse them to publish ...
Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...
A recent supply chain attack that compromised the popular tj-actions/changed-files GitHub action has left a trail of digital destruction, affecting 218 GitHub repositories. As investigators dig deeper ...
Many open-source repositories contain privileged GitHub Actions workflows that execute untrusted code and can be triggered by attackers to expose credentials and access tokens, as MITRE and Splunk ...
A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The ...