Skip to content

Website for our Usenix'23 paper - ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions

License

Notifications You must be signed in to change notification settings

purs3lab/Argus_website

Repository files navigation

ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions

Welcome to the GitHub repository for the research paper "ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions". This repository contains the website that provides an overview of the paper, its findings, and the ARGUS system. The paper was accepted at USENIX Security 2023.

Overview

The paper presents ARGUS, the first static taint analysis system for identifying code injection vulnerabilities in GitHub Actions. The authors conducted a large-scale evaluation on 2,778,483 Workflows referencing 31,725 Actions and discovered critical code injection vulnerabilities in 4,307 Workflows and 80 Actions. The paper demonstrates that command injection vulnerabilities in the GitHub Actions ecosystem are not only pervasive but also require taint analysis to be detected.

Repository Structure

index.html: The main webpage file that provides an overview of the paper and the ARGUS system. contact.html: This webpage provides contact information for the authors.

How to Use

To view the website, simply clone this repository and open the index.html file in your web browser.

git clone https://github.com/username/argus-paper-website.git
cd argus-paper-website

Contributing

We welcome contributions to this repository. If you find any issues or have suggestions for improvements, please open an issue. If you wish to contribute directly, please fork this repository, make your changes, and open a pull request.

License

This project is licensed under the MIT License. See the LICENSE file for more details.

Contact

For any questions or comments, please contact the maintainer of this website, Siddharth Muralee.

About

Website for our Usenix'23 paper - ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •