Developer-first application security

Описание: Shawn Kelly and Andrew McCoy dig into how you can improve the security of your software supply chain by learning from the failures of the greater industrial supply chain.

0:00 - Start
2:06 - Supply chain instability
5:30 - Learning from industrial recalls and applying them to the software supply chain
10:10 - Open source software supply chain vulnerabilities
19:30 - Trust and the software development lifecycle
23:20 - Progress in security workflows on GitHub
26:26 - Our approach to security, supporting open source, giving you high levels of signal and control
27:53 - GitHub security advisories
31:07 - Q&A
33:07 - Dependency graph and Dependabot alerts
33:56 - GitHub Packages and Actions workflows
36:20 - Creating an allow/deny list of dependencies and automating response times via https://github.com/GeekMasher/advance...

For the full series: https://resources.github.com/webcasts...