A GitHub Actions workflow could have been used for a command injection vulnerability in Bazel, which had the potential for threat actors to add malicious code into the production environment for projects using the Google open-source product.
Article Link: Google supply chain bug patched in code-testing tool Bazel | SC Media