Understanding and Using GitHub Security
Security is a fundamental concern and requirement in all aspects of software development today, and GitHub is the industry-leading collaboration platform for software development. So it is crucial that anyone working in GitHub understands how to use it securely.
Join expert technologist, trainer and author Brent Laster to survey and learn to use the controls, policies, and automation that GitHub makes available for working securely on its platform. Learn about managing access, dealing with vulnerabilities in your code or dependencies, preventing sensitive data from getting into your repositories, automatically creating needed security updates, and more. This is a hands-on workshop, so you get real experience working with the mechanisms in GitHub. All you need is a GitHub user ID and a browser.
Security must be top of mind as you work in GitHub, whether you are working on the public site or in an enterprise instance. As the industry-leading platform for development and collaboration, GitHub provides a wide variety of security features and options.
But without understanding them, it is very easy to work in GitHub in an insecure way and expose your code and other assets to vulnerabilities. It is also necessary to be able to respond to security issues that arise outside of your control: in your dependencies, in attacks against your accounts or repositories, and in accidental misuse as others collaborate with you. This workshop will provide you with the insight and understanding you need to work in GitHub securely.
Part 1: Introduction and Overview
Topics include:
- Welcome
- Workshop overview and setup
- Importance of having and managing security in GitHub
Part 2: Protecting your access
Topics include:
- How GitHub approaches security - user-level vs. repository-level controls
- Securing access with tokens and keys
Hands-on lab: Securing your account - managing authentication with fine-grained personal access tokens
Part 3: Protecting your repositories
Topics include:
- Understanding repo security risks
- Best practices for securing repos
- Using branch protection and rulesets
Hands-on lab: Setting up branch protection and rulesets and trying it out
Part 4: Protecting your code
Topics include:
- GitHub's Advanced Security offering
- Scanning for vulnerabilities with CodeQL
Hands-on lab: Setting up CodeQL and responding to issues
Part 5: Protecting your credentials
Topics include:
- What secrets are in GitHub
- Setting up and using secrets scanning
- Responding to secrets scanning alerts
Hands-on lab: Setting up secret scanning for your repos and responding to alerts
Part 6: Protecting your dependencies
Topics include:
- Code scanning and dependency vulnerability assessments
- Setting up and using Dependabot for automated dependency updates
Hands-on lab: Using Dependabot to manage your dependency vulnerabilities and updates
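The Dependabot lab distinguishes two things that are easy to confuse: security updates, which Dependabot opens automatically from dependency vulnerability alerts once you enable them in the repository's security settings, and version updates, which are driven by a checked-in configuration file. The following is an added example of that configuration file, not part of the workshop materials. It assumes a Python project with a requirements file at the repository root that also uses GitHub Actions workflows; the ecosystems, schedule and label are assumptions.

```yaml
# .github/dependabot.yml
# Added example (not from the workshop): Dependabot version-update config.
# Assumes a pip-based project at the repo root plus GitHub Actions workflows.
version: 2
updates:
  # Application dependencies.
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
    # Cap the number of simultaneous PRs so a noisy week does not flood reviewers.
    open-pull-requests-limit: 5
    # Bundle low-risk bumps into one PR; major bumps still arrive individually
    # so breaking changes get their own review.
    groups:
      minor-and-patch:
        update-types: ["minor", "patch"]
    labels: ["dependencies"]

  # The workflow actions themselves are dependencies too: an unpinned or
  # stale action is part of the supply chain, so keep them updated as well.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
```

This file is only read once Dependabot version updates are enabled for the repository. Security updates for vulnerable dependencies do not depend on it; they require the dependency graph and Dependabot alerts to be switched on, and Dependabot then raises a pull request targeting the minimum version that clears the alert, which you triage in the Security tab rather than here.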
Wrap-up and other security topics (as time allows)
About Brent Laster
Hi, I'm Brent Laster - a global trainer and book author, experienced corporate technology developer and leader, and founder and president of Tech Skills Transformations LLC. I've been working with and presenting at NFJS events for many years now and it is always exciting and interesting.
Through my decades in programming and management, I've always tried to make time to learn and develop both technical and leadership skills and share them with others. Regardless of the topic or technology, my belief is that there is no substitute for the excitement and sense of potential that come from providing others with the knowledge they need to help them accomplish their goals.
In my spare time, I hang out with my wife Anne-Marie, 4 children and 2 small dogs in Cary, North Carolina where I design and conduct trainings and write books. You can find me on LinkedIn (linkedin.com/in/brentlaster), Twitter (@brentclaster) or through my company's website at www.getskillsnow.com.