At GitHub we believe that we have both the opportunity and the responsibility to help secure the world's software. Our approach is to focus on empowering developers and GitHub Advanced Security is our product portfolio that we're developing towards this end.
This talk provides an overview of GitHub Advanced Security. This covers (i) finding vulnerabilities in your code (code scanning with our static analysis engine CodeQL), (ii) finding and preventing leaks of credentials/tokens (secret scanning), and securing your (open source) dependencies (Supply chain security).
We might even touch on how we’re leveraging AI to help developers secure code ;)