Home Conference Sessions Protect Your Cod...

Protect Your Code with GitHub Security Features

Rob Bos | GOTO Aarhus 2023

You need to be signed in to add a collection

Creating modern software has a lot of moving parts. We all build on top of the shoulders of giants by leveraging closed/open source packages or containers that other people have shared. That makes securing our software a lot more complex as well! In this session you'll learn what possible attack vectors you need to look for, how to protect yourself against them and how to leverage GitHub's features to make your life easier! Topics: * Signed Commits * Dependabot updates * Dependency scanning for known vulnerabilities * Secret scanning (and revoking) out of the box * Using CodeQL

Share on:
linkedin facebook
Copied!

Transcript

Creating modern software has a lot of moving parts. We all build on top of the shoulders of giants by leveraging closed/open source packages or containers that other people have shared. That makes securing our software a lot more complex as well!

In this session you'll learn what possible attack vectors you need to look for, how to protect yourself against them and how to leverage GitHub's features to make your life easier!

Topics:

  • Signed Commits
  • Dependabot updates
  • Dependency scanning for known vulnerabilities
  • Secret scanning (and revoking) out of the box
  • Using CodeQL

About the speakers

Rob Bos

Rob Bos

Continuously improving with DevOps