Overview
Explore GitHub Advanced Security's role in empowering developers to secure the world's software in this comprehensive talk from GOTO Copenhagen 2023. Delve into the three main pillars of GitHub's security approach: finding vulnerabilities in code through CodeQL static analysis, preventing credential leaks with secret scanning, and securing open-source dependencies. Learn about real-world security breaches, including a Fortnite account hack, to understand the importance of robust security measures. Discover how GitHub leverages AI to enhance code security and get insights into the CodeQL community. Gain valuable knowledge about modern software security practices and tools to protect your projects from potential threats.
Syllabus
Intro
Hacking Fortnite accounts
1. Your code
2. Your code dependencies
3. Secrets for service dependencies
GitHub Advanced Security
CodeQL
CodeQL Community
Outro
Taught by
GOTO Conferences