DEV Community

Rob Bos
Rob Bos

Posted on • Originally published at devopsjournal.io on

GitHub Actions & Security - NDC London

Today I delivered my GitHub Actions & Security session at NDC London for the first time (both for the session and NDC London 😁).

NDC London was a lot of fun! The organizers really went out of their way to enable speakers to even see the attendees, welcome you into the room and guide you through things.

Presentation

You can find the presentation on SlideShare.

Keep note of this page, as I will start adding new blogpost discussion security measures when using GitHub Actions here with the learnings from this session.

SlideShare image of the presentation

How to secure your GitHub Actions

When working in the real world with continuous integration / continuous deployment, you have to take care of your pipelines. - Who can push to an environment? - Who could change the connection strings to the database? - Who can create new resources in your cloud environment? - Do you trust your third party extensions? I’ll go over each of these aspects of your GitHub Actions Workflows and show you what to look for and how to improve your security stance without locking every DevOps engineer out.

More info about this session can be found here.

Top comments (0)

Read next

code42cate profile image

Globally Replicated Services for the Rest of Us

Jonas Scholz -

undolog profile image

Sync Folders: A Raycast Extension for Effortless Folder Synchronization

Giovambattista Fazioli -

siddhantkcode profile image

Building smarter Docker Images for your development environments with Pants 🚀

Siddhant Khare -

yrizos profile image

Setting Up Visual Studio Code for Rust on macOS

Yannis Rizos -