This week Jonathan Bennett and Dan Lynch talk with François Proulx of BoostSecurity, talking about the Poutine security scanner, available at https://github.com/boostsecurityio/poutine. It's all about the security vulnerabilities that may lurk in your Github Actions, and Gitlab Pipelines. When someone sends in a pull request, could they run arbitrary code, and is that going to bite you? Listen to find out!

You can join the conversation in the Hackaday Discord, where the show records live each week, as well as getting the full story and show links from Hackaday. Oh, and follow the official Mastadon account!

Theme music: "Newer Wave" Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

http://creativecommons.org/licenses/by/4.0/