Securing GitHub Actions
GitHub Actions is the popular automation platform that integrates with your GitHub repositories to easily provide Continuous Integration/Delivery/Deployment and more. But, as with any integration that has access to your source code and can execute automation related to it, there is a very real risk of incurring security issues.
Join DevOps director and author of “Learning GitHub Actions” Brent Laster to understand the different risk dimensions you have when using GitHub Actions and how to best shield your repositories, workflows, and actions against them.
In this 90-minute session, you'll learn:
- Common vulnerabilities that can affect GitHub Actions
- Areas and approaches to secure your work with GitHub Actions, including:
– Security by configuation - implementing appropriate controls and settings to govern what can run and when
– Security by design - leveraging tokens and secrets and to secure data; guarding against common threats such as untrusted input; securing dependencies
– Security by monitoring - reviewing changes especially when coming through pull requests; scanning; monitoring execution
Prerequisites: Good working knowledge of GitHub Actions
About Brent Laster
Hi, I'm Brent Laster - a global trainer and book author, experienced corporate technology developer and leader, and founder and president of Tech Skills Transformations LLC. I've been working with and presenting at NFJS events for many years now and it is always exciting and interesting.
Through my decades in programming and management,I've always tried to make time to learn and develop both technical and leadership skills and share them with others Regardless of the topic or technology, my belief is that there is no substitute for the excitement and sense of potential that come from providing others with the knowledge they need to help them accomplish their goals.
In my spare time, I hang out with my wife Anne-Marie, 4 children and 2 small dogs in Cary, North Carolina where I design and conduct trainings and write books. You can find me on LinkedIn (linkedin.com/in/brentlaster), Twitter (@brentclaster) or through my company's website at www.getskillsnow.com.
More About Brent »