Welcome to the Security category for Universe 2022! #15
Replies: 3 comments 1 reply
-
|
In the "Demystifying end-to-end supply chain security" talk, the presenter once said explicitly "this could be a whole talk" and additionally suggested there was much to cover in this topic. Supply chain attacks are a sizable discussion, and there was some brief mention in the talk about build systems being a target of concern. I would have loved to see a longer talk, and what tools/processes/integrations Github recommends beyond 2fa! |
Beta Was this translation helpful? Give feedback.
-
|
Hi @bambery - thanks for this feedback! Do check out https://slsa.dev/spec/v0.1/requirements (and the other pages on that site) for a comprehensive overview of what capabilities to consider for improving the security of your end-to-end supply chain. For build systems specifically, https://github.com/slsa-framework/slsa-github-generator is a great example of how to meet many of these build security capabilities on GitHub Actions. The whole talk was based off of the content on https://docs.github.com/en/code-security/supply-chain-security/end-to-end-supply-chain/end-to-end-supply-chain-overview, which has many links to specific recommendations on account security (including things beyond 2FA 😉), code security, and build security. |
Beta Was this translation helpful? Give feedback.
-
|
Looking forward to these discussions |
Beta Was this translation helpful? Give feedback.
-
🔒 Is securing your code an aspiration, or actually an achievable goal? This track will cover tooling, techniques, and best practices for securing the software development lifecycle end-to-end. Learn how some of the world’s most successful teams work together to ship secure software at scale, including best practices for managing risk and remediating vulnerabilities. For questions about this space check out the FAQs and don't forget you can tune in live. Let us know what sessions you're attending or loving below!
Beta Was this translation helpful? Give feedback.
All reactions