Overview
Learn to transform GitHub Actions from a potential security vulnerability into a robust supply chain defense mechanism in this comprehensive conference talk. Explore the critical security risks inherent in CI/CD automation, including token leaks, script injections, and threats from untrusted third-party Actions or compromised runners that can lead to supply chain attacks through malicious code injection, credential theft, or release tampering. Discover actionable strategies for securing your GitHub Actions workflows by implementing the Principle of Least Privilege with GITHUB_TOKEN and OIDC, properly vetting third-party Actions, securing runners, and hardening workflows through input sanitization and code signing. Gain practical knowledge to identify misconfigurations that create attack vectors and understand how real-world incidents demonstrate the urgent need for security in automated pipelines, ultimately enabling you to ensure secure automation and turn your CI/CD processes into a strong supply chain sentinel.
Syllabus
GitHub Actions Security: From CI Nightmare to Supply Chain Sentinel - Niek Palm - NDC Manchester
Taught by
NDC Conferences