Overview
Explore the concept of verifiable GitHub Actions using eBPF in this 28-minute conference talk. Delve into the world of supply chain security and learn how eBPF technology can be leveraged to protect build pipelines from malicious attacks. Discover the solution developed in response to the widespread codecov hack, which utilizes Tracee, an open-source runtime security solution. Gain insights into the process of profiling with eBPF and verifying software builds. Examine the lessons learned over the past two years since the initial release of this innovative approach to securing GitHub Actions.
Syllabus
Verifiable GitHub Actions with eBPF - Jose Donizetti, Aqua
Taught by
CNCF [Cloud Native Computing Foundation]