mirror of
https://github.com/gradle/wrapper-validation-action
synced 2024-11-27 10:42:03 +00:00
Merge pull request #12 from JLLeitschuh/chore/JLL/remove_company_note
Remove comment about problem being unique to open source
commit
17df8817b6
1 changed files with 0 additions and 2 deletions
|
@ -24,8 +24,6 @@ Further compounding the issue is that maintainers are most often greeted in thes
|
|||
A fairly simple social engineering supply chain attack against open source would be contribute a helpful “Updated to Gradle xxx” PR that contains malicious code hidden inside this binary JAR.
|
||||
A malicious `gradle-wrapper.jar` could execute, download, or install arbitrary code while otherwise behaving like a completely normal `gradle-wrapper.jar`.
|
||||
|
||||
This problem is unique to open source and doesn’t normally impact companies with closed source and pre-vetted employees.
|
||||
|
||||
## Solution
|
||||
|
||||
We have created a simple GitHub Action that can be applied to any GitHub repository.
|
||||
|
|
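Review bot: dropping the "unique to open source" sentence is the right call, because the two context lines just above it already describe a `gradle-wrapper.jar` that "could execute, download, or install arbitrary code while otherwise behaving like a completely normal `gradle-wrapper.jar`", and nothing about that failure mode depends on the repository being public; a binary JAR that is not reviewed is just as opaque in a private repository. With the sentence and its trailing blank line gone, the attack description now runs straight into the `## Solution` heading, so consider a short bridging sentence (for example, that the exposure is any workflow accepting wrapper-upgrade PRs without validating the JAR) so the transition is not abrupt. Unrelated to this change but worth a follow-up: the remaining context line reads "would be contribute a helpful ... PR", which should be "would be to contribute".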