Thursday
Track 5
13:40 - 14:40
(UTC±00)
Talk (60 min)
How to secure your GitHub Actions
When working in the real world with continuous integration / continuous deployment, you have to take care of your pipelines. - Who can push to an environment? - Who could change the connection strings to the database? - Who can create new resources in your cloud environment? - Do you trust your third party extensions? I'll go over each of these aspects of your GitHub Actions Workflows and show you what to look for and how to improve your security stance without locking every DevOps engineer out. First public delivery Target audience: DevOps engineers using GitHub Actions
Cloud
Microsoft
Security
DevOps