
Agenda
Doors open, registration, drinks & snacks
Breaking the CI/CD chain: security risks in GitHub Actions
GitHub Actions are vital for CI/CD pipelines, but do you really know what happens under the hood?
This talk breaks down GitHub Actions concepts, explores security risks, and highlights how third-party actions can introduce vulnerabilities. We’ll walk through real-world cases of misconfigurations and vulnerabilities, including the recent tj-actions/changed-files issue, and show how malicious workflows can slip in through third-party actions.
You’ll see how different security tools, from static analysis to runtime monitoring, fit into protecting CI/CD pipelines, and learn practical steps to secure your workflows. Igor will also introduce a new tool that maps and analyzes transitive actions, helping teams understand their impact and reduce exposure.
Attendees will gain a deep understanding of GitHub Actions security, real-world case studies, practical mitigation techniques, and a tool for securing GitHub Actions.

Igor Stepansky
Security Engineer
Registration
7 November 2025, 18:00
Registration is closed. Join the waiting list.
If any spot becomes available, we’ll contact you asap! Otherwise, join us online.
+44 759 092 7942
About organizer
TechSpot is driven by On The Spot. We bring startups and disruptive tech companies to the local market, offering engineers the opportunity to work on high-impact products. Check out our open positions.