Explore the concept of verifiable GitHub Actions using eBPF in this 28-minute conference talk. Delve into the world of supply chain security and learn how eBPF technology can be leveraged to protect build pipelines from malicious attacks. Discover the solution developed in response to the widespread codecov hack, which utilizes Tracee, an open-source runtime security solution. Gain insights into the process of profiling with eBPF and verifying software builds. Examine the lessons learned over the past two years since the initial release of this innovative approach to securing GitHub Actions.
Overview
Syllabus
Verifiable GitHub Actions with eBPF - Jose Donizetti, Aqua
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Verifiable GitHub Actions with eBPF
-
DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub
-
AZ-400: Implement CI with Azure Pipelines and GitHub Actions
-
Securing CI/CD Systems Through eBPF
-
Security Risks in Third-Party GitHub Actions - Overlooked Consequences
-
Verifiable eBPF Traces for Supply Chain Artifacts with Witness and Tetragon
