Today I delivered my GitHub Actions & Security session at NDC London for the first time (both for the session and NDC London 😁).
NDC London was a lot of fun! The organizers really went out of their way to enable speakers to even see the attendees, welcome you into the room and guide you through things.
You can find the presentation on SlideShare.
Keep note of this page, as I will start adding new blog posts here discussing security measures when using GitHub Actions, with the learnings from this session.
When working in the real world with continuous integration / continuous deployment, you have to take care of your pipelines.

- Who can push to an environment?
- Who could change the connection strings to the database?
- Who can create new resources in your cloud environment?
- Do you trust your third-party extensions?

I’ll go over each of these aspects of your GitHub Actions Workflows and show you what to look for and how to improve your security stance without locking every DevOps engineer out.
More info about this session can be found here.