Hacker News new | past | comments | ask | show | jobs | submit
hsbauauvhabzb | on: Incident with Actions and Pages
Sounds good until you see their cvedetails page
lazystone | parent | next
Hide it behind VPN, so it's not accessible from outside.
PunchyHamster | parent | next
When you own it you can just limit it into vpn-ed company users, that significantly cuts down on the area that can be hit
sofixa | parent
I mean, the GitHub Actions supply chain risks and attacks definitely compensate for any GitLab security vulnerabilities you can think of.