TY - GEN
T1 - Time for Actions
T2 - 2025 IEEE Secure Development Conference, SecDev 2025
AU - Chaiwut, Narong
AU - Nikiforakis, Nick
N1 - Publisher Copyright:
©2025 IEEE.
PY - 2025
Y1 - 2025
AB - GitHub Workflows have emerged as one of the most widely adopted CI/CD platforms, with millions of workflows integrated into modern software development. With the ability to encapsulate a subset of workflow functionality into reusable components known as GitHub Actions, any developer can publish their actions to the GitHub Actions Marketplace. To date, there has been no comprehensive analysis of the GitHub Actions Marketplace in terms of the number of actions, their growth over time, and their susceptibility to supply-chain attacks. In this paper, we present a longitudinal study of GitHub actions, aiming to better understand this important, modern software ecosystem. Over a period of four months, we collected and analyzed over 23K GitHub Actions including their source code as well as metadata about their creators. Our analysis investigates marketplace trends, identifies prevalent security issues in GitHub Actions, and characterizes novel attack vectors, including actions typosquatting and dangling remote references.
KW - CI/CD
KW - Github Actions
KW - remote references
UR - https://www.scopus.com/pages/publications/105025199023
U2 - 10.1109/SecDev66745.2025.00023
DO - 10.1109/SecDev66745.2025.00023
M3 - Conference contribution
AN - SCOPUS:105025199023
T3 - Proceedings - 2025 IEEE Secure Development Conference, SecDev 2025
SP - 118
EP - 128
BT - Proceedings - 2025 IEEE Secure Development Conference, SecDev 2025
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 14 October 2025 through 16 October 2025
ER -