Listen to the latest episode of the Secure Developer podcastListen now

DSC London

How GitHub causes you a security headache

with Jake Hall


GitHub is amazing, but when you start running at scale with many repositories managing your organisation starts to become a huge hassle.

I’ve hit this problem multiple times across multiple companies and want to share the solution to the problems “how to keep your repos consistent” and “how to secure your GitHub estate”.

GitHub doesn’t provide any real orchestration tools for managing more than 1 repository at once. There are hundreds of options within each repo for access controls, webhooks, labels, disabling issues/projects, choosing a preferred merge approach, branch protection and finally GPG signing – all of these options require continual maintenance to keep them set correctly.

The key takeaways are;
– Just using GitHub doesn’t automatically make your code secure, there are multiple setup steps to take, and things to continually be checking.
– A few key things to check on your Organisation Settings
– Some ways, tools and ideas automate this pain away the DevOps way


Application Security
Open Source
Secure Development
Security Transformation
Threat Modeling

Jake Hall

Engineering Practice Lead

About Jake Hall

Jake is Engineering Practice Lead, he specialises in transforming company cultures towards a more Agile and DevOps mindset. This includes changing ways of working, building tools and implementing continuous deployment pipelines.

His most recent gig includes leading a loyalty company focusing on delivering the right way, not the easy way. Previous clients included working with a finch startup on how to deliver market changing loan products, whilst building something valuable to the customer he’s also lead the charge on laying the foundations to take the product global.

He has also worked with a global asset management company to develop their Agile culture from scratch whilst shipping code to AWS faster.

We use cookies to ensure you get the best experience on our website.Read Privacy Policy