Github Actions Security Best Practices with Reethi Kotti
▬▬▬▬▬▬ 📝 ABSTRACT & BIO ▬▬▬▬▬▬
In the world of Continuous Integration and Continuous Deployment, Github Actions provide a
nifty edge to quickly build end-to-end automation right into the repository. This makes integration
of Actions into an organization’s Github repositories pretty straightforward and convenient.
However, if Actions are adopted swiftly without a well-charted security plan, one may quickly
find oneself in muddy waters.
In this episode, we will discuss some of the key security concerns one should be aware of when
using Github Actions. We will also cover the best practices that Salesforce Heroku follows to
securely use this exceedingly popular product.
REETHI KOTTI
Reethi is a Platform Security Engineer at Salesforce Heroku. She enjoys performing deep dive
security reviews, automating manual processes and finding ways to improve the overall Security
posture. Recently she's been invested in CI/CD tools and finding ways to securely use third-party
packages. In her free time, you can find her tending to her many plants and exploring
trails.
▬▬▬▬▬▬ 🔗 LINKS ▬▬▬▬▬▬
SLIDES: 🔗https://bit.ly/3udajov
Additional information about Github Actions can be found at https://docs.github.com/en/actions/learn-github-actions/understanding-github-actions
REFERENCES
1. https://engineering.salesforce.com/github-actions-security-best-practices-b8f9df5c75f5
2. https://medium.com/cider-sec/bypassing-required-reviews-using-github-actions-6e1b29135cc7
3. https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions
4. https://github.blog/2020-08-03-github-actions-improvements-for-fork-and-pull-request-workflows/
▬▬▬▬▬▬ 🎥 Producer ▬▬▬▬▬▬
Nancy Gariché ► https://www.linkedin.com/in/nancygariche
▬▬▬▬▬▬ 🎙️Hosts ▬▬▬▬▬▬
Nikki Becher ► https://twitter.com/thedeadrobots
▬▬▬▬▬▬ 👋 Connect with Us ▬▬▬▬▬▬
TWITCH ► owasp_devslop - Twitch
MEETUP.COM ► https://www.meetup.com/OWASP-DevSlop-Project/
INSTAGRAM ► https://www.instagram.com/owaspdevslop/
TWITTER ► owasp_devslop