A place for developers to talk about building on Farcaster.

/dev

The thing that sucks about these supply chain attacks is they will probably result in a knee-jerk reaction to stop using GitHub Actions. GitHub Actions are insanely useful though. https://www.praetorian.com/blog/codeqleaked-public-secrets-exposure-leads-to-supply-chain-attack-on-github-codeql/

Yeah, supply chain attacks like this are concerning, but abandoning GitHub Actions entirely would be an overreaction. They’re incredibly useful when implemented securely. The real takeaway should be improving security practices better secret management, tighter permissions, and enhanced monitoring rather than ditching a powerful tool.