Explore GitHub Actions authentication methods for Azure and SLSA principles in DevOps in this comprehensive conference talk featuring Marcel Lupo and Joshua Lock. Dive into the comparison of two Azure authentication approaches, highlighting the benefits of switching to a passwordless method using Open ID Connect (OIDC). Learn about SLSA principles and their application in DevSecOps processes, including the threat model guiding SLSA, security levels, and future plans for the open source project. Gain valuable insights from Marcel Lupo, a Microsoft MVP and Cloud Solutions & DevOps Architect, and Joshua Lock, an Open Source Software Supply Chain Security Architect at Verizon. Discover how to contribute to the SLSA project and enhance your understanding of software supply chain security in this informative 1-hour 18-minute presentation from DevSecCon London.
Overview
Syllabus
GitHub-Azure Authentication and SLSA in DevOps with Marcel Lupo and Joshua Lock
Taught by
DevSecCon
Related Courses
-
Passwordless Authentication Between GitHub and Azure Using Federated Credentials
-
SLSA: Enhancing Software Supply Chain Security - More Than Just a Garnish for Your Pipelines
-
DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub
-
AZ-400: Implement security and validate code bases for compliance
-
AZ-400: Implement CI with Azure Pipelines and GitHub Actions
-
Create cloud native apps with Azure and open-source software
