translate everything

src/pentesting-ci-cd/github-security/README.md

@@ -242,3 +242,7 @@ jobs:
 For more info check [https://www.chainguard.dev/unchained/what-the-fork-imposter-commits-in-github-actions-and-ci-cd](https://www.chainguard.dev/unchained/what-the-fork-imposter-commits-in-github-actions-and-ci-cd)
 
 {{#include ../../banners/hacktricks-training.md}}
+
+
+
+

src/pentesting-ci-cd/github-security/abusing-github-actions/README.md

@@ -579,3 +579,7 @@ The following tools are useful to find Github Action workflows and even find vul
 - [https://github.com/carlospolop/PurplePanda](https://github.com/carlospolop/PurplePanda)
 
 {{#include ../../../banners/hacktricks-training.md}}
+
+
+
+

src/pentesting-ci-cd/github-security/abusing-github-actions/gh-actions-artifact-poisoning.md

@@ -1,2 +1,6 @@
 # Gh Actions - Artifact Poisoning
 
+
+
+
+

src/pentesting-ci-cd/github-security/abusing-github-actions/gh-actions-cache-poisoning.md

@@ -1,2 +1,6 @@
 # GH Actions - Cache Poisoning
 
+
+
+
+

src/pentesting-ci-cd/github-security/abusing-github-actions/gh-actions-context-script-injections.md

@@ -1,2 +1,6 @@
 # Gh Actions - Context Script Injections
 
+
+
+
+

src/pentesting-ci-cd/github-security/accessible-deleted-data-in-github.md

@@ -54,3 +54,7 @@ And the latest one use a short sha-1 that is bruteforceable.
 - [https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github](https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github)
 
 {{#include ../../banners/hacktricks-training.md}}
+
+
+
+

src/pentesting-ci-cd/github-security/basic-github-information.md

@@ -253,3 +253,7 @@ Different protections can be applied to a branch (like to master):
 - [https://docs.github.com/en/actions/security-guides/encrypted-secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets)
 
 {{#include ../../banners/hacktricks-training.md}}
+
+
+
+