
Protect Your Code with GitHub Security Features • Rob Bos • GOTO 2023

This presentation was recorded at GOTO Aarhus 2023. #GOTOcon #GOTOaar
https://gotoaarhus.com

Rob Bos - Continuously Improving with DevOps

RESOURCES
https://github.com/devops-actions/load-runner-info/pull/307
https://github.com/rob-demo/node-authentication-2881188
https://github.com/rajbos/TailwindTraders-Website
https://github.com/github/codeql
https://sarifweb.azurewebsites.net

Rob
https://twitter.com/RobBos81
https://github.com/rajbos
https://linkedin.com/in/bosrob
https://mstdn.social/@Rob_Bos
https://devopsjournal.io

ABSTRACT
Creating modern software has a lot of moving parts. We all build on top of the shoulders of giants by leveraging closed/open source packages or containers that other people have shared. That makes securing our software a lot more complex as well!

In this session you'll learn what possible attack vectors you need to look for, how to protect yourself against them and how to leverage GitHub's features to make your life easier!

Topics:
• Signed Commits
• Dependabot updates
• Dependency scanning for known vulnerabilities
• Secret scanning (and revoking) out of the box
• Using CodeQL [...]
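Of the topics listed above, secret scanning is the one most easily illustrated offline. The following is an added example written for this page, not code from the talk or from GitHub's own scanner: a minimal pre-commit style scanner that looks only at the lines a unified diff adds, matches a few well-known token shapes, falls back to an entropy heuristic for anything else, and reports findings in redacted form so the report itself does not re-leak the secret. The sample diff, the token patterns and the entropy threshold are constructed assumptions; GitHub's real scanning covers many more partner formats, and the revocation step the abstract mentions is not modelled here.

```python
"""Minimal secret scanner over the added lines of a unified diff (added example)."""
import math
import re
from collections import Counter

# Provider-specific patterns. Assumption: these three shapes are illustrative only;
# real secret scanning uses a much larger, partner-maintained pattern set.
PATTERNS = {
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
}

# Generic fallback: long, high-entropy strings. The threshold is chosen so that a
# 40-char hex git SHA (at most 4.0 bits/char) is NOT flagged, while base62-style
# tokens usually are. This is the classic false-positive trade-off of entropy rules.
GENERIC = re.compile(r"[A-Za-z0-9_+/=-]{32,}")
ENTROPY_THRESHOLD = 4.5


def shannon_entropy(s: str) -> float:
    """Bits per character of the empirical symbol distribution of s."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def redact(secret: str) -> str:
    """Keep a short prefix/suffix so a finding is actionable without re-leaking the value."""
    if len(secret) <= 8:
        return "*" * len(secret)
    return secret[:4] + "*" * (len(secret) - 8) + secret[-4:]


def added_lines(diff_text: str):
    """Yield (line_number_in_diff, content) for added lines, skipping '+++' file headers."""
    for num, raw in enumerate(diff_text.splitlines(), start=1):
        if raw.startswith("+") and not raw.startswith("+++"):
            yield num, raw[1:]


def scan_line(content: str):
    """Return findings for one line; generic hits that overlap a specific hit are dropped."""
    findings, spans = [], []
    for rule, pat in PATTERNS.items():
        for m in pat.finditer(content):
            findings.append({"rule": rule, "redacted": redact(m.group(0))})
            spans.append(m.span())
    for m in GENERIC.finditer(content):
        overlaps = any(m.start() < end and start < m.end() for start, end in spans)
        if not overlaps and shannon_entropy(m.group(0)) >= ENTROPY_THRESHOLD:
            findings.append({"rule": "generic_high_entropy", "redacted": redact(m.group(0))})
    return findings


def scan_diff(diff_text: str):
    """Scan every added line of a diff; returns a list of {line, rule, redacted} dicts."""
    return [{"line": num, **f} for num, content in added_lines(diff_text) for f in scan_line(content)]


# Constructed sample diff. The GitHub token is a made-up value of the right shape;
# the AWS key is the placeholder AWS uses in its own documentation.
SAMPLE_DIFF = """\
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,4 +1,6 @@
 import os
-GITHUB_TOKEN = os.environ["GITHUB_TOKEN"]
+GITHUB_TOKEN = "ghp_A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q7r8"
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+COMMIT_SHA = "9fceb02d0ae598e95dc970b74767f19372d61af8"
 DEBUG = False
"""

if __name__ == "__main__":
    for f in scan_diff(SAMPLE_DIFF):
        print(f"diff line {f['line']}: {f['rule']} -> {f['redacted']}")
```

Run against the constructed diff it reports the token on line 7 and the AWS key on line 8 and stays silent on the commit SHA on line 9; wiring `scan_diff(subprocess.check_output(["git", "diff", "--cached"]).decode())` into a pre-commit hook and failing when the list is non-empty is the usual deployment.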

TIMECODES
00:00 Intro
01:19 Agenda
01:57 Commit signing
09:38 Demo
12:47 Commit signing
16:50 Dependabot
20:07 Demo
24:53 Dependabot
26:52 Security alerts on dependencies
28:05 Demo
34:29 Security alerts on dependencies
35:24 Secret scanning
41:20 Demo
43:02 CodeQL
45:45 Demo
48:07 Outro

Download slides and read the full abstract here:
https://gotoaarhus.com/2023/sessions/2650

RECOMMENDED BOOKS
Liz Rice • Container Security • https://amzn.to/3oU4iJe
Liz Rice • Kubernetes Security • https://www.oreilly.com/library/view/kubernetes-security/9781492039075
Aaron Parecki • OAuth 2.0 Simplified • https://amzn.to/2A3IMOf
Aaron Parecki • OAuth 2.0 Servers • https://amzn.to/3ecHEsz
Aaron Parecki • The Little Book of OAuth 2.0 RFCs • https://amzn.to/3i7qnlC
Erdal Ozkaya • Cybersecurity: The Beginner's Guide • https://amzn.to/2T6OIj3
Richer & Sanso • OAuth 2 in Action • https://amzn.to/3hXiAH6

https://twitter.com/GOTOcon
https://www.linkedin.com/company/goto-
https://www.facebook.com/GOTOConferences
#GitHub #GitHubSecurity #Security #Dependabot #Dependency #Vulnerability #CodeQL #Programming #SoftwareEngineering #CyberSecurity #RobBos #OWASP #DevOps

Looking for a unique learning experience?
Attend the next GOTO conference near you! Get your ticket at https://gotopia.tech
Sign up for updates and specials at https://gotopia.tech/newsletter

SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily.
https://www.youtube.com/user/GotoConferences/?sub_confirmation=1

Video: Protect Your Code with GitHub Security Features • Rob Bos • GOTO 2023, from the GOTO Conferences channel
Video information
Published: 16 June 2023, 17:00:01
Duration: 00:48:59