conf.directory

Protect Your Code with GitHub Security Features in 5 Minutes • Rob Bos • GOTO 2023

About this talk

This presentation was recorded for GOTO Byte-Sized. https://gotopia.tech

Rob Bos - Continuously Improving with DevOps

READ MORE
"Elevating Security Awareness in Software Development with GitHub Features": https://gotopia.tech/articles/273

Check out the full talk: https://youtu.be/1CICkxLKVmE

RESOURCES
https://github.com/devops-actions/load-runner-info/pull/307
https://github.com/rob-demo/node-authentication-2881188
https://github.com/rajbos/TailwindTraders-Website
https://github.com/github/codeql
https://sarifweb.azurewebsites.net

Rob
https://twitter.com/RobBos81
https://github.com/rajbos
https://linkedin.com/in/bosrob
https://mstdn.social/@Rob_Bos
https://devopsjournal.io

ABSTRACT
Creating modern software has a lot of moving parts. We all build on top of the shoulders of giants by leveraging closed/open source packages or containers that other people have shared. That makes securing our software a lot more complex as well! In this session you'll learn what possible attack vectors you need to look for, how to protect yourself against them and how to leverage GitHub's features to make your life easier!

Topics:
• Signed Commits
• Dependabot updates
• Dependency scanning for known vulnerabilities
• Secret scanning (and revoking) out of the box
• Using CodeQL [...]

Download slides and read the full abstract here: https://gotoaarhus.com/2023/sessions/2650

RECOMMENDED BOOKS
Liz Rice • Container Security • https://amzn.to/3oU4iJe
Liz Rice • Kubernetes Security • https://www.oreilly.com/library/view/kubernetes-security/9781492039075
Aaron Parecki • OAuth 2.0 Simplified • https://amzn.to/2A3IMOf
Aaron Parecki • OAuth 2.0 Servers • https://amzn.to/3ecHEsz
Aaron Parecki • The Little Book of OAuth 2.0 RFCs • https://amzn.to/3i7qnlC
Erdal Ozkaya • Cybersecurity: The Beginner's Guide • https://amzn.to/2T6OIj3
Richer & Sanso • OAuth 2 in Action • https://amzn.to/3hXiAH6
