How to Use GitHub Actions with Security in Mind

How to Use GitHub Actions with Security in Mind

NDC Conferences via YouTube Direct link

Remediation

23 of 33

23 of 33

Remediation

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

How to Use GitHub Actions with Security in Mind

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 What are GitHub workflows?
  3. 3 What are GitHub Actions?
  4. 4 Workflow example
  5. 5 Repository security
  6. 6 Code - Who has access?
  7. 7 Configuring access
  8. 8 From the user
  9. 9 Workflow secrets
  10. 10 Who has access to your secrets?
  11. 11 Your code - Best practices
  12. 12 GitHub Actions Security
  13. 13 Best practice: Run the action inside of a container
  14. 14 Persisting data between runs
  15. 15 Workflow runners - Best practice
  16. 16 Verified Creator
  17. 17 Protective measures
  18. 18 Recommendation
  19. 19 Workflow attack vectors
  20. 20 Forks of public repos
  21. 21 Pull Requests
  22. 22 Common fields
  23. 23 Remediation
  24. 24 Forking actions
  25. 25 Staying up to date
  26. 26 Update action versions
  27. 27 Option 1: Use SHA+Dependabot
  28. 28 Use Dependabot
  29. 29 Keep your forked action up to date
  30. 30 Review before merging
  31. 31 Automation
  32. 32 Pros of forking
  33. 33 Best practices summarized

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.