Cloud & Cybersecurity

How cloud technologies evolve and what it takes to keep systems secure. At the meetup we discover how to secure CI/CD pipelines with GitHub Actions, learn strategies for protecting non-human identities, and dive into real-world cases on securing Cloud Systems.

7 November 2025, 18:00

Registration
Registration
get your ticket
get your ticket

7 November 2025, 18:00

Agenda

18:00

Doors open, registration, drinks & snacks

18:30

Breaking the CI/CD chain: security risks in GitHub Actions

GitHub Actions are vital for CI/CD pipelines, but do you really know what happens under the hood?

This talk breaks down GitHub Actions concepts, explores security risks, and highlights how third-party actions can introduce vulnerabilities. We’ll walk through real-world cases of misconfigurations and vulnerabilities, including the recent tj-actions/changed-files issue, and show how malicious workflows can slip in through third-party actions.

You’ll see how different security tools, from static analysis to runtime monitoring, fit into protecting CI/CD pipelines, and learn practical steps to secure your workflows. Igor will also introduce a new tool that maps and analyzes transitive actions, helping teams understand their impact and reduce exposure.

Attendees will gain a deep understanding of GitHub Actions security, real-world case studies, practical mitigation techniques, and a tool for securing GitHub Actions.

Igor Stepansky

Security Engineer

Video highlights

Photo gallery

Featured speakers & panelists

Igor Stepansky

Security Engineer

Igor Stepansky

Security Engineer

Friends, partners & communities

Would you join us online or offline?

Thanks for registering! We’ll send you a confirmation email soon with all the event details and helpful links.

Oops! Something went wrong while submitting the form.

Secure your spot

AI talks, hot pizza, and cold beer.
You coming?

Get your ticket
Get your ticket

Share your feedback

Tell us what you loved about the event and how we can improve. It’ll only take 5 minutes.

Fill in the form
Fill in the form

About organizer

TechSpot is driven by On The Spot. We bring startups and disruptive tech companies to the local market, offering engineers the opportunity to work on high-impact products. Check out our open positions.

Minsk
Warsaw
Georgia
Belarus
Poland
Remote
Hybrid
Office
Miracle Studio
Notte
Finonex
Dexcelerate
AITHENA
44pixels
On The Spot
Unity
Supersonic
365Scores
Honeybook
Unity Playworks
Aura from Unity
Cycode
Orca Security
Other
HR & Recruitment
User Research & Design
Marketing & Sales
Data & Analytics
Software Testing
Engineering & DevOps