
Securing Code Repositories: Preventing Fake Dependabot Commits and Stolen GitHub Credentials
Stolen GitHub Credentials Used to Push Fake Dependabot Commits

Introduction

Threat actors have been using stolen GitHub personal access tokens to push fake Dependabot contributions to hundreds of GitHub repositories, according to a report by application security firm Checkmarx. The attackers used the stolen access tokens to gain access to the repositories and inject malicious…