Automating GitHub Security Alerts Into Your Workflow
Offered By: Linux Foundation via YouTube
Course Description
Overview
Learn how to effectively manage GitHub security alerts and integrate them into your workflow in this 39-minute conference talk. Explore best practices for Open Source Program Offices (OSPOs) to handle security vulnerabilities in open source projects at scale. Discover the mechanics and governance of Verizon Media's process for notifying internal employees about CVEs on their projects. Gain insights into the challenges and opportunities for automation, the importance of project visibility, and the corporate perspective on security alerts. Understand the differences between open source and closed source security, and learn how to address false positives. Enhance your organization's approach to open source security and leverage GitHub's security features to protect your projects.
Syllabus
Intro
Project Visibility
What is Information Security
Agenda
What GitHub does right
What does GitHub do
Kudos to GitHub
It's challenging
Automation opportunity
Private repos
Buyer beware
What we did
Call for support
Corporate perspective
GitHub Security Alerts Workflow
Help us
Automate
Security and Open Source
Open Source vs Closed Source
Thank you
Contact Gil
False Positives
Taught by
Linux Foundation
Related Courses
How Your Company Can Help Sustain Open Source (Strange Loop Conference via YouTube)
Establishing an Open Source Program Office (Docker via YouTube)
Importance of Open Source Program Offices (Linux Foundation via YouTube)
The Open Source Program Office - If It's Such a Good Idea, Why Haven't We Been Doing It? (Linux Foundation via YouTube)
A Vision of FOSS at Mercedes-Benz (Linux Foundation via YouTube)