YoVDO

GitHub Supply Chain Security Using GitGat

Offered By: Linux Foundation via edX

Tags

GitHub Courses Access Control Courses Permissions Management Courses Software Supply Chain Security Courses

Course Description

Overview

Source code management systems are where code, ci-scripts, and Infrastructure as Code (IaC) scripts are stored and managed. That means that properly protecting the SCM is an important step towards securing the software supply chain, and specifically - securing your code. In this course, you will gain an understanding of these categories, why they are important, and how to implement the security controls in GitHub. We’ll use the open source GitGat security report as a guide to the needed security steps. We’ll then see how to use GitGat to set a continuous security audit that takes the current state into account. Finally, we’ll peek under the hood to understand OPA (Open Policy Agent), Gitgat’s underlying technology.

The course is for anyone who has a GitHub account, manages repositories on GitHub, or is responsible for securing such repositories or accounts. The course could fit both hobbyists and professionals who manage GitHub organizations. In addition, the “under the hood” sections could be of interest to developers who are interested in OPA-based projects.


Syllabus

  • Welcome to LFD122x!
  • Ch 1. Why should we care about GitHub security posture
  • Ch 2. The GitGat security report
  • Ch 3. Access control
  • Ch 4. Permissions
  • Ch 5. Branch Protections
  • Ch 6. File Modification Tracking
  • Ch 7. Incorporating State and continuous security-posture monitoring.
  • Ch 8. Under the hood 1: Rego and OPA basics
  • Ch 9. Under the hood 2: understanding the Gitgat project
  • Final Exam (verified track only)

Taught by

Barak Brudo and Danny Nebenzahl

Tags

Related Courses

Hardening Your Soft Software Supply Chain
Pluralsight
DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub
Pluralsight
Securing Your Software Supply Chain with Sigstore
Linux Foundation via edX
Kyverno - Deep Dive - Tech Talks
Mirantis via YouTube
Unearthing Malicious and Risky OpenSource Packages Using Packj
nullcon via YouTube