Completed
Intro
Class Central Classrooms beta
YouTube playlists curated by Class Central.
Classroom Contents
How to Use GitHub Actions with Security in Mind
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 What are GitHub workflows?
- 3 What are GitHub Actions?
- 4 Workflow example
- 5 Repository security
- 6 Code - Who has access?
- 7 Configuring access
- 8 From the user
- 9 Workflow secrets
- 10 Who has access to your secrets?
- 11 Your code - Best practices
- 12 GitHub Actions Security
- 13 Best practice: Run the action inside of a container
- 14 Persisting data between runs
- 15 Workflow runners - Best practice
- 16 Verified Creator
- 17 Protective measures
- 18 Recommendation
- 19 Workflow attack vectors
- 20 Forks of public repos
- 21 Pull Requests
- 22 Common fields
- 23 Remediation
- 24 Forking actions
- 25 Staying up to date
- 26 Update action versions
- 27 Option 1: Use SHA+Dependabot
- 28 Use Dependabot
- 29 Keep your forked action up to date
- 30 Review before merging
- 31 Automation
- 32 Pros of forking
- 33 Best practices summarized
