SC Magazine
Google supply chain bug patched in code-testing tool Bazel
A GitHub Actions workflow could have been used for a command injection vulnerability in Bazel, which had the potential for threat actors to add malicious code into the production environment for projects using the Google open-source product.