DevSecCon London

How GitHub causes you a security headache

WITH Andy March

GitHub is amazing, but when you start running at scale with many repositories, managing your organisation starts to become a huge hassle.

I’ve hit this problem multiple times across multiple companies and want to share the solution to the problems “how to keep your repos consistent” and “how to secure your GitHub estate”.

GitHub doesn’t provide any real orchestration tools for managing more than 1 repository at once. There are hundreds of options within each repo for access controls, webhooks, labels, disabling issues/projects, choosing a preferred merge approach, branch protection and finally GPG signing – all of these options require continual maintenance to keep them set correctly.

The key takeaways:
– Just using GitHub doesn’t automatically make your code secure; there are multiple setup steps to take, and things to check continually.
– A few key things to check in your Organisation Settings
– Some ways, tools and ideas to automate this pain away the DevOps way
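
One way to automate the consistency check described above, as an added example that is not from the talk: it compares each repository's settings against a baseline and reports drift. The baseline values, repository names and hook URLs are assumptions constructed for illustration; the input dictionaries use field names from GitHub's REST API responses for repositories, branch protection and webhooks.

```python
# Baseline every repository should match (the chosen values are assumptions).
BASELINE = {"has_issues": False, "has_projects": False, "allow_merge_commit": False,
            "allow_squash_merge": True, "allow_rebase_merge": False}

def audit_repo(repo, protection, hooks):
    """Return sorted findings for one repository.

    repo: repository object; protection: branch protection object or None
    (no rule on the default branch); hooks: list of webhook objects.
    """
    findings = [f"{k}: expected {want}, found {repo.get(k)}"
                for k, want in BASELINE.items() if repo.get(k) != want]
    if protection is None:
        findings.append("default branch has no protection rule")
    else:
        if not (protection.get("required_signatures") or {}).get("enabled"):
            findings.append("signed commits not required")
        if not (protection.get("enforce_admins") or {}).get("enabled"):
            findings.append("admins can bypass branch protection")
        reviews = protection.get("required_pull_request_reviews") or {}
        if reviews.get("required_approving_review_count", 0) < 1:
            findings.append("no approving review required")
    for hook in hooks:
        cfg = hook.get("config", {})
        if not cfg.get("url", "").startswith("https://"):
            findings.append(f"webhook {hook['id']}: non-HTTPS URL")
        if str(cfg.get("insecure_ssl", "0")) != "0":  # API returns "0" or "1"
            findings.append(f"webhook {hook['id']}: TLS verification disabled")
    return sorted(findings)

def audit_org(snapshot):
    """Map repo name -> findings, listing only repositories that drift."""
    report = {name: audit_repo(d["repo"], d.get("protection"), d.get("hooks", []))
              for name, d in snapshot.items()}
    return {name: found for name, found in report.items() if found}

# Constructed sample snapshot; repository names and hook URLs are made up.
GOOD_PROTECTION = {"required_signatures": {"enabled": True},
                   "enforce_admins": {"enabled": True},
                   "required_pull_request_reviews": {"required_approving_review_count": 1}}
SAMPLE = {
    "payments-api": {"repo": dict(BASELINE), "protection": GOOD_PROTECTION, "hooks": [
        {"id": 1, "config": {"url": "https://ci.example.test/hook", "insecure_ssl": "0"}}]},
    "legacy-tools": {"repo": {**BASELINE, "has_issues": True, "allow_merge_commit": True},
                     "protection": None, "hooks": [
        {"id": 2, "config": {"url": "http://ci.example.test/hook", "insecure_ssl": "1"}}]},
}

if __name__ == "__main__":
    for name, findings in audit_org(SAMPLE).items():
        print(name, findings)
```

Run on a schedule against a fresh export of the organisation's settings, a non-empty report is the signal that a repository has drifted from the baseline.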

Key links mentioned in this session:
Coming soon

About our Guest

Jake Hall

Jake is an Engineering Practice Lead who specialises in transforming company cultures towards a more Agile and DevOps mindset. This includes changing ways of working, building tools and implementing continuous deployment pipelines.

His most recent gig includes leading a loyalty company focusing on delivering the right way, not the easy way. Previous clients included a fintech startup, where he worked on how to deliver market-changing loan products; whilst building something valuable to the customer, he also led the charge on laying the foundations to take the product global.

He has also worked with a global asset management company to develop their Agile culture from scratch whilst shipping code to AWS faster.
