AppSec Without Leaving GitHub
Author: Endor Labs
Uploaded: 2023-11-21
Views: 266
Description:
In this session from LeanAppSec Fall 2023, Omar Quimbaya (Principal Field Security Specialist, GitHub) and Matt Brown (Solution Architect, Endor Labs) discuss and demonstrate how to use GitHub Advanced Security to fix vulnerabilities discovered by Endor Labs - all without ever needing to leave GitHub.
Chapters:
0:00 - Introduction
3:09 - Create a policy using Endor Labs
7:57 - Review GitHub Action to see action for Endor Labs and run workflow
10:20 - Create issue in GitHub for engineering to remediate a vulnerability detected by Endor Labs
13:33 - The value of prioritizing by reachability
16:06 - Static analysis with GitHub Advanced Security and CodeQL
20:58 - Identifying leaked secrets and preventing new secrets from being added to commit history with GitHub Advanced Security
23:39 - Summary of workflow
24:53 - Remediate a vulnerability in Apache Commons Text 1.9
29:16 - Wrap up
—Learn More—
Make Developers' Lives Easier with Endor Labs & GitHub Advanced Security
https://www.endorlabs.com/blog/make-d...
Dependency Resolution in Python: Beware The Phantom Dependency
https://www.endorlabs.com/blog/depend...
—LeanAppSec by Endor Labs—
LeanAppSec is an application security educational program by Endor Labs. It includes quarterly live events featuring industry experts (like this video) and on demand courses.
https://www.leanappsec.com/
—---------------------------
Follow Us on LinkedIn
/ endorlabs
Learn More About Endor Labs
https://www.endorlabs.com/