Protect Your Code with GitHub Security Features • Rob Bos • GOTO 2023

Rob Bos

Protect your code with GitHub's free security features, including commit signing, vulnerability scanning, and more. Learn how to stay secure with GitHub's tools and best practices.

Key takeaways
  • Protect your code by using GitHub’s security features, which are free and available for public repositories.
  • Commit signing allows you to verify the authenticity of commits and prevent unauthorized changes.
  • GitHub offers a free security analysis tool that scans your code for vulnerabilities and provides actionable insights.
  • Use Dependabolt to manage dependencies and keep your code up to date with the latest security patches.
  • Enable two-factor authentication (2FA) for commits to prevent unauthorized access.
  • Use CodeQL to analyze your code and identify potential security vulnerabilities.
  • Set up GitHub Actions to automate manual processes and improve your security posture.
  • Monitor your commit history to detect and prevent unauthorized changes.
  • Utilize GitHub’s secret scanning feature to detect and prevent sensitive information exposure.
  • Enable Dependable security alerts to receive notifications of potential security issues.
  • Use the OWASP Top 10 to improve your understanding of common web application security risks.
  • Consider using a YubiKey or other multi-factor authentication token to add an extra layer of security to your commits.
  • Enable GitHub’s code scanning feature to identify potential security vulnerabilities in your code.
  • Take advantage of GitHub’s free security features, including secret scanning, Dependable security alerts, and code scanning.
  • Make sure to configure your environment correctly to ensure proper security settings are in place.