T1199
Trusted Relationship
discovered 2026-06-01Abuse of npm GitHub Actions trusted publishing, which binds trust to repository + workflow filename rather than branch/ref/environment.
View on MITRE ATT&CKAbuse of npm GitHub Actions trusted publishing, which binds trust to repository + workflow filename rather than branch/ref/environment.
View on MITRE ATT&CKSafeDep keeps analytics anonymous and cookie-free until you opt in. Accepting helps us understand product usage and improve your experience. Privacy Policy
Choose what you share. You can change this anytime from the footer.