This course aims to teach DevOps engineers using GitHub Actions how to enhance the security of their workflows. By covering aspects such as access control, secrets management, best practices for code and repository security, and utilizing self-hosted runners, participants will learn how to improve their security stance without hindering their DevOps processes. The course employs a hands-on approach, providing practical recommendations and best practices for securing GitHub Actions.
Overview
Syllabus
GitHub Actions Security
What are GitHub workflows?
Workflow example
Repository security
Code - Who has access?
Configuring access
From the user
Workflow secrets
Who has access to your secrets?
Your code - Best practices
Your code/repo – trace changes (org level)
Self-hosted runners
Self hosted runners
Workflow Runners Security
Best practice: Run the action inside of a container
Persisting data between runs
Workflow runners - Best practice
Protective measures
Recommendation
Forking actions
Enable DevOps teams to test actions
Staying up to date
Create an update process yourself
Automate the update Use a workflow
Best practices summarized
Taught by
NDC Conferences
Related Courses
-
How to Use GitHub Actions with Security in Mind
-
AZ-400: Implement CI with Azure Pipelines and GitHub Actions
-
DevOps with GitHub and Azure: Implementing CI/CD with GitHub Actions
-
Explore Azure DevOps with GitHub to streamline your development process
-
Learn how Microsoft supports secure software development as part of a cybersecurity solution
-
Developer Keynote - GitHub Actions
