Protect Your Code with GitHub Security Features • Rob Bos • GOTO 2023

This presentation was recorded at GOTO Aarhus 2023. #GOTOcon #GOTOaar Rob Bos - Continuously Improving with DevOps RESOURCES Rob ABSTRACT Creating modern software has a lot of moving parts. We all build on top of the shoulders of giants by leveraging closed/open source packages or containers that other people have shared. That makes securing our software a lot more complex as well! In this session you’ll learn what possible attack vectors you need to look for, how to protect yourself against them and how to leverage GitHub’s features to make your life easier! Topics: • Signed Commits • Dependabot updates • Dependency scanning for known vulnerabilities • Secret scanning (and revoking) out of the box • Using CodeQL [...] TIMECODES 00:00 Intro 01:19 Agenda 01:57 Commit signing 09:38 Demo 12:47 Commit signing 16:50 Dependabot 20:07 Demo 24:53 Dependabot 26:52 Security alerts on dependencies 28:05 Demo 34:29 Security alerts on dependencies 35:24 Secret scanning 41:20 Demo 43:02 CodeQL 45:45 Demo 48:07 Outro Download slides and read the full abstract here: RECOMMENDED BOOKS Liz Rice • Container Security • Liz Rice • Kubernetes Security • Aaron Parecki • OAuth 2.0 Simplified • Aaron Parecki • OAuth 2.0 Servers • Aaron Parecki • The Little Book of OAuth 2.0 RFCs • Erdal Ozkaya • Cybersecurity: The Beginner’s Guide • Richer & Sanso • OAuth 2 in Action • #GitHub #GitHubSecurity #Security #Dependabot #Dependency #Vulnerability #CodeQL #Programming #SoftwareEngineering #CyberSecurity #RobBos #OWASP #DevOps Looking for a unique learning experience? Attend the next GOTO conference near you! Get your ticket at Sign up for updates and specials at SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily.