YoVDO

Securing the npm Ecosystem - Enhancing Trust in Open Source

Offered By: Linux Foundation via YouTube

Tags

npm, GitHub, Two-Factor Authentication, Sigstore, Access Tokens

Course Description

Overview

Explore the critical work GitHub is undertaking to secure the npm ecosystem in this 23-minute Linux Foundation conference talk. Delve into the importance of trust in open source and GitHub's role as stewards. Learn about measures implemented to prevent account takeovers, including improved two-factor authentication experiences, web authentication, and enhanced account recovery processes. Discover new features such as granular access tokens, code explorer, and Sigstore integration. Gain insights into the ongoing efforts to protect the open-source dependencies we all rely on, presented by Abigail Cabunoc Mayes from GitHub.

Syllabus

Intro
Acknowledgements
Abigail introduction
Agenda
Why focus on security
Open Source is built on trust
GitHub is the stewards
Npm is a critical tool
Account Takeovers
What we learned
The plan
Login verification
Adoption update
Improved 2FA experience
Web authen
Better 2FA management
Better 2FA enforcement
Improved account recovery
New releases
Granular access token
Code explorer
Sigstore
Repository
Wrap up
Thank you


Taught by

Linux Foundation

Related Courses

Securing Your Software Supply Chain with Sigstore
Linux Foundation via edX
Hands-on Introduction to Sigstore - Securing the Software Supply Chain
Rawkode Academy via YouTube
Protecting the World's Greatest Open Source Ecosystem with Sigstore
Devoxx via YouTube
PGP vs Sigstore - The Match at Maven Central
Devoxx via YouTube
Securing Your Infrastructure as Code Pipeline
Linux Foundation via YouTube