Exciting news! DevSecCon London is hosting Marcel Lupo, Microsoft MVP, Cloud Solutions & DevOps Architect and technical speaker, and Joshua Lock, Open Source Software Supply Chain Security Architect at Verizon. Marcel will discuss GitHub Actions authentication methods for Azure, compares two approaches, and highlights the benefits of switching to a passwordless method using Open ID Connect (OIDC) and Joshua will introduce SLSA principles and their application in DevSecOps processes and systems, discusses the threat model guiding SLSA, explains SLSA’s security levels, and provides insight into the open source project’s future plans and how you can contribute.
6:00 PM: in-person doors open
6:30 PM: Session kicks off + Live stream (Virtual viewers join in)
- Session one: Passwordless authentication between GitHub and Azure using federated credentials by Marcel Lupo
- Session two: SLSA, more than just a garnish for your pipelines by Joshua Lock
8:00 PM: That’s a wrap, more drinks and networking for those attending in person
9:00 PM: In-person event ends, doors closed
Session one: Passwordless authentication between GitHub and Azure using federated credentials by Marcel Lupo
Ever wondered how you can authenticate GitHub Actions with Azure? In this talk we look at GitHub Actions authentication methods for Azure, two ways that you can accomplish this and why you’d want to switch the passwordless method using Open ID Connect (OIDC) instead.
Session two: SLSA, more than just a garnish for your pipelines by Joshua Lock
In this talk Joshua will introduce the SLSA project. He will cover: the SLSA principles, including how they are useful principles across DevSecOps processes and systems; look at the threat model which guides SLSA work; introduce SLSA’s security levels; and conclude with a brief summary of the open source project, future plans, and how you can get involved.
Join the Community!
If you haven’t joined the Discord community, please do so! You can find us on Discord at: https://devseccon.io/discordcommunity