GitHub / Demo Days

Emma Irwin, Senior Program Manager, from Microsoft's Open Source Program Office speaks through her own journey in open source and resources that she created as a result of her OSPO research.

0:00 - Start
2:01 - Emma's open source story
7:30 - Pushing through adversity and broadening my skillset
11:10 - Open source learning based on research
13:05 - What do I need to be competent in to work in open source?
16:49 - Our approach to onboarding
27:03 - Final thoughts

https://opensource.microsoft.com/program/
https://github.com/microsoft/ospo-courses/
https://github.com/microsoft/OSPO-Courses/tree/main/mapping-your-oss-career

Keith Hoodlet, Field Security Architect, chats with Simon Bennetts about OWASP Zed Attack Proxy (ZAP) the world's most used open source web application security tool.

0:00 - Start & Intros
3:14 - What inspired you to work on the ZAP project? Necessity as the mother of invention, the OWASP Top 10, and embarking on a security journey without any security training
10:02 - ZAP's progress over time
12:06 - What security challenges do you see in the near future?
14:09 - Open source as a career springboard
16:44 - The ZAP HUD & a demo
26:51 - The value of a graphical interface for security testing
28:30 - Automation within ZAP itself vs the API
32:18 - ZAP reporting
35:11 - Stackhawk , ZAP and playing to your strengths
39:25 - ZapCon
42:26 - Other open source security resources

https://www.stackhawk.com/blog/guide-to-zap-application-security-testing/
https://www.zaproxy.org/
https://owasp.org/www-project-zap/

Darcy Clarke, Staff Software engineering manager walks us through two significant additions to the npm-cli, workspaces and overrides along with a tour of npm's progress though last year.

0:00 - Start
2:26 - npm helps you manage packages at the pace of Javascript development
3:35 - key features of v7.0.0, progress further into the release line, dropping Node 10, and the latest changes through v8.3.0
7:32 - npm workspaces: https://docs.npmjs.com/cli/v8/using-npm/workspaces
9:51 - workspaces demo from scratch
16:32 - npm pkg
18:20 - scripts
20:45 - filtered installs
25:20 - recap of Workspace Aware Configuration
26:25 - npm overrides: https://docs.npmjs.com/cli/v8/configuring-npm/package-json#overrides
29:12 - overrides demo
32:53 - 2022 roadmap

https://docs.npmjs.com/cli/v8

Mercado Libre (NASDAQ: MELI) is Latin America’s leading e-commerce platform, and LATAM's most valuable company by market capitalization.

In this edition of Demo Days, we join MELI's Static Application Security Testing (SAST) team. We’ll learn about their unique approach to application security, and how they are using GitHub CodeQL to secure the code that powers a platform with over 132M active users.

Valeria: https://www.linkedin.com/in/valeria-silvestri/
Camila: linkedin.com/in/camila-seoane-053361227
Natalia: https://www.linkedin.com/in/natalia-lucia-pesaresi-b835a1183/
Lucia: https://www.linkedin.com/in/lucia-ines-romero-4a099114a/

https://codeql.github.com/

You've migrated your project to GitHub, now what? We're going to take the example of a Node.js project with planning via Jira, coding in VS Code, GitHub Actions for CI/CD and deployment via Azure to walk through how you can expand GitHub's capabilities with your own toolchain.

0:00 - Start
1:22 - Structure through the lens of DevOps
2:29 - 3 pathways to extending GitHub capabilities
4:50 - Bringing Jira planning to GitHub via the GitHub Marketplace
9:28 - Closing the loop on the Jira side
13:57 - Suggested GitHub Actions based on your technology stack
16:30 - Configuring the workflow and deploying to Azure
23:90 - Making a change and following it end-to-end
24:03 - Download the project locally or open up a Codespace?
27:50 - Commit changes and sync back to the Jira ticket
33:37 - Customizing the workflow file to add automation
43:00 - Leveraging the integration

https://github.com/marketplace

Stuck in cycle of shipping, shipping and shipping but not getting traction for your work? Worse yet, you take the time to do sprint retros but they just feel like an admin burden. Or worst of all, does your team conclude that what’s not working is “out of your control?”

We cover why retros are so important for teams—and how to run a good one.

0:00 - Start
2:05 - What is a retrospective meeting?
4:29 - Why have retro meetings?
8:42 - How to have a retro
19:26 - Dos and Don'ts
26:53 - Different prompts and formats
33:47 - Tools for retro-ing in a virtual/remote-first world
39:57 - Q&A

https://githubuniverse.com
https://github.co/dev-productivity

An overview of the 4 key DORA metrics and how to leverage GitHub to help move you from low to elite performer. We’ll also look at key trends from the 2021 State of DevOps Report and how GitHub can help you keep up with the best practices outlined.

0:00 - Start and Intro
2:58 - Outline
3:48 - What is DORA?
5:12 - How successful is your company? (In a DevOps context)
6:14 - Four metrics that actually matter
8:20 - Reporting on the state of the industry and finding your place in it
15:56 - How to improve Deployment frequency and reduce lead time for changes
23:30 - Integrations, tools and process
26:44 - Time to restore service and change failure rate
29:09 - Key findings of Accelerate State of DevOps 2021
32:39 - Security is speed
35:41 - Documentation is underrated
41:00 - Q&A
44:39 - GitHub Universe is almost here!

https://githubuniverse.com

Phil takes us through some specific uses of GitHub Actions that are not related to build/test/deploy. As a bonus, in these multiple examples he also lays down an easy framework for building any new automation that your organization could need.

0:00 - Start
1:35 - Overview
2:27 - Audit organization permissions and access
8:16 - Open source dependencies/software supply chain license and policy compliance
17:02 - Automating traceability via issue branches
25:21 - Requiring that pull requests reference an issue
30:42 - Improving notification signal/noise with issue labels, and advanced token management
39:24 - Automating the labeling itself
43:55 - TODO comments that generate issues

Register for https://githubuniverse.com A free event on 27-Oct to 28-Oct.

In this session, we’ll take a deep-dive into how GitHub Enterprise can help you build faster, better, and more securely. We’ll show you how to build security into your GitHub workflow, keeping secrets and vulnerabilities out of your codebase from day one. By the end of this session you’ll know how to stay on top of vulnerabilities as they arise and be able to leverage the security community’s expertise (without compromising your code).

0:00 - Start
1:27 - Implement security in 30 minutes
3:11 - Security capabilities in the Supply Chain, in your Code and in the Development Lifecycle (DevSecOps)
4:04 - Secret Scanning in GitHub Enterprise Cloud and eliminating leaked access tokens.
7:13 - Scanning for your company specific custom tokens
11:31 - Code Scanning - Static code analysis with CodeQL
19:56 - Easing tension between Security teams and Development teams
21:39 - Giving developers actionable security alerts, not just more notifications
26:31 - Security overview - The state of security across your entire organization
28:11 - Open source vulnerability scanning and managing the dependency tree
32:45 - Dependency review - finding vulnerabilities before merging changes
34:31 - Q&A
37:06 - Dealing with novel threats and vulnerabilities

https://githubuniverse.com

How can GitHub help you secure your account and the projects that you work on? Jose Palafox, Director Technology Partnerships for GitHub advanced security and Luke Walker, Director, Developer Programs at Yubico talk through setting up a security key to SSH into your GitHub account and why passwords are now a thing of the past.

0:00 - Start
0:31 - Passwords are not sufficient, how can GitHub help you secure your account?
2:37 - The evolution of Account Security
3:51 - Our responsibility to developers
4:28 - Intro to Yubico
5:30 - Overview of the FIDO2 protocol
7:56 - The registration and authentication ceremonies
10:21 - SSH with Security Keys Demo
12:51 - Setting up SSH access to GitHub
14:27 - Verifying that the key is set up properly
17:21 - Resident keys and PINs
18:36 - What if my key is lost or stolen?
20:09 - Q&A
27:24 - Announcing GitHub Universe

https://www.yubico.com/
Secure at every step: https://github.com/features/security

https://githubuniverse.com

Josh Abernathy talks through GitHub Codespaces and some of the ways that developing in the cloud has changed how the GitHub engineering team works.

0:00 - Start
2:45 - Lowering the barriers to entry
7:23 - Decreasing distraction
11:36 - Increased productivity
12:45 - GitHub Codespaces Demo
16:23 - "What didn't happen"
20:28 - Installing additional tools to a Codespace
23:50 - Making a change to the app and making it sharable/reviewable


https://github.com/features/codespaces

James Le Ha starts with an idea in an issue and takes it all the way to a Production deployment fully leveraging automations available in GitHub

0:00 - Start
1:13 - GitHub Automated Workflows
1:53 - Process overview and the new GitHub Issue forms
4:31 - GitHub Actions
7:30 - local build vs GitHub Codespace, the end of "Works on my machine!" problems
9:23 - Running the webapp
10:38 - Making changes to the application
13:31 - Digging into the Redis database
14:42 - Committing our changes to the repo
15:37 - GitHub CLI
18:19 - Action workflows triggered by pull requests
21:39 - Security vulnerability scanning with CodeQL
23:17 - Deploy flexibility with ChatOps in Microsoft Teams
28:10 - Verifying the deployment
29:30 - Merge Automation
30:32 - Available Code scanning tools
31:37 - AKS Cleanup PR, resource automation
33:18 - Workflow graph
36:03 - Environments and Secrets
38:44 - Release Automation
39:30 - Packages and Containers
42:24 - GitHub project tables
45:37 - All the Ops defined!

Demo repo: https://github.com/James-LeHa/DemoDay-AKS-to-Z

Matt Butler, Senior Product Manager, shows how rapidly the new GitHub Issues adapts to the way your team works.

0:00 - Start
0:40 - Planning and Tracking as it relates to Developer velocity
2:15 - Why use GitHub Issues to plan and track work?
3:34 - A first look at GitHub project tables/spreadsheets
7:00 - Moving to a project board view/Kanban and slicing views on the fly
9:29 - Three variations on workflows - standard backlog management
14:39 - An iteration-focused workflow/sprints
19:46 - Planning view vs managing the current sprint day-to-day
22:57 - Epic tracking and building a birds-eye view
34:22 - Dynamic filtering for different views


Sign up for the beta: https://github.com/features/issues

2:15 - Program Start
5:23 - Why developer productivity matters
9:14 - A developer-first approach to productivity
13:56 - The SPACE of developer productivity http://aka.ms/spacepaper
22:46 - Developer productivity myths
26:35 - Q&A 1
31:28 - The Good Day Project first hand
38:26 - Results and sentiment from this approach
45:56 - Implementation via Slack
53:22 - Q&A 2

Measuring productivity by your PRs? We’ll stop you right there :hand: With experiments like The Good Day Project Eirini Kalliamvakou found better ways to stay focused on code and know where work is making an impact.

blog post: https://github.blog/2021-05-25-octoverse-spotlight-good-day-project/
papers: https://aka.ms/spacepaper
https://aka.ms/spacetalk
https://aka.ms/dvl

2:04 - Program Start
3:49 - Overview
10:02 - Multi-Cloud Data Protection and Management
14:24 - A persona based view of the challenge
18:14 - TVK Runner for GitHub Actions
21:54 - live demo

GitHub Solutions Architect, Andrew Mccoy (Moose0621), is joined by Prashanto Kochavara and Ben Morrison of trilio.io to dig into Kubernetes, cloud-native deployment pain points and how they use GitHub Actions along with the TVK to solve issues when deploying to Production.

https://www.trilio.io/triliovault-for-kubernetes/

For upcoming Demo Days: https://www.linkedin.com/company/github

2:08 - Program Start
3:17 - Introductions
5:19 - What is MITRE SAF? Security Automation Framework
6:50 - Four essential components to the framework
9:14 - STIG, compliance and hardening points
14:03 - An end-to-end implementation with GitHub Actions
19:12 - The test matrix
23:55 - Use in safety critical systems
24:35 - Communicating outputs visually to users
29:35 - Integration of artifacts into the full system
32:28 - Integration with other tools
35:28 - InspecTools and changes to STIG
37:43 - Heimdall tools and GitHub Actions
47:32 - How to run Heimdall
53:02 - Managing package updates
56:17 - A live fork of SAF


A core component of a successful infrastructure-as-code strategy is an automated security and compliance workflow that encompasses both your application and system-level artifacts. In this session, Robert Clark and Aaron Lippold help us learn how MITRE is using GitHub Actions to develop it’s Security Automation Framework (SAF), a package of tools and best practices that help users identify applicable security and privacy requirements, assess development best practices guidance and implement relevant security hardening scripts.

https://saf.mitre.org/

2:08 - Program Start
3:34 - Overview of IaC and important distinctions
12:13 - What makes Infrastructure as Code work?
17:34 - The core components of IaC
20:16 - Demo stack: https://github.com/jefeish/demo-days-21_IaC-in-github
22:35 - GitHub Enterprise on a Multicloud
24:37 - Hands-on Demo
27:40 - Hubot & Chatops and connecting them to Slack
30:05 - API Token handling
34:20 - Preparing the Infrastructure as Code and state files
35:43 - Running IaC
40:33 - What did we get?
43:28 - Looking at the State files
47:10 - Closing thoughts

Jürgen Efeish explains Infrastructure as Code by looking at how we at GitHub use IaC to deploy GitHub Enterprise and make it easily available in the marketplace.

For the next session in this series: https://www.linkedin.com/events/demodays-howmitreusesgithubacti6803786085974589440/

2:06 - Program Start
3:43 - Overview
4:55 - What is Infrastructure?
7:05 - ...as code?
9:12 - Demo staring from a GitHub Repo and deploying to the cloud
11:23 - Breaking down the necessary components
12:45 - Infrastructure as Code in a project
15:19 - Usha N.'s source example: https://github.com/Azure-Samples/node_express_app
16:11 - Putting the pieces together
18:11 - What are the benefits of #InfrastructureAsCode #IaC?
20:12 - What's deployed in your cloud?
20:55 - A brief word on compliance
22:44 - How to get started
24:40 - Templating engines and multiple pathways to #IaC
26:53 - In-depth demo, seeing the pieces in action
35:41 - how it flows in the Azure portal
39:55 - How does this scale? Why is trust important?
42:12 - Triggering GitHub Actions
46:11 - Managing secrets
56:01 - Following a PR from start to Production deploy
1:05:40 - Transparency, traceability and trust
1:11:17 - Managing secrets responsibly

Evgeny Rahman and Eric Johnson discuss Infrastructure as code from first principals, define what #IaC is, why it's something you would be interested in, and walk you through what an IaC pathway looks like. Improve your developer velocity while creating scalable, trusted workflows.

For the next session in this series: https://www.linkedin.com/events/6803785695086415872/

2:03 - Program Start
3:34 - Introductions
6:23 - What is InnerSource? A brief recap
7:23 - Why adopt InnerSource?
18:42 - How did Microsoft open source their documentation?
22:15 - Where to begin with InnerSource?
22:55 - Seed projects
30:05 - Processes and tools
49:20 - Getting buy in
56:17 - Creating a culture of sharing
1:01:50 - Measuring the success of an InnerSource project

Part 3 in our series on InnerSource, Jamie Strusz and Gus Stewart Implementation Engineers talk through the practical steps needed to get a successful InnerSource project off the ground. From your first seed project to a fully developed program, here's exactly where to begin!

2:03 - Program Start
4:15 - What makes #InnerSource successful?
6:10 - What is the discoverability problem?
7:26 - Repository visibility controls
10:29 - The importance of descriptions and topics
13:19 - Building a Community of Practice
18:18 - Write that blog!
20:38 - Internal comms
24:47 - #InnerSource portal demo
33:39 - Enterprise showcase - an active list of subject-specific projects
37:29 - Using Codespaces to modify the collection
41:18 - Getting contributions to your projects, README
43:46 - Contributing.md
44:48 - Template files
45:18 - Issue templates
46:29 - Pull Request templates
48:14 - Hackathons
49:25 - Being a good maintainer
51:53 - Codespaces

Practical and specific steps for making sure that your #InnerSource efforts gain traction within your organization. Make your projects easier to discover, contribute to and use. Use momentum to your advantage by building an internal community of champions. Matt Desmond, Solutions Engineer and Chris McIntosh DevOps Engineer talk through why discoverability is key.

InnerSource commons: https://innersourcecommons.org
Resource links from the session: https://github.com/demo-days/innersource-discoverability

2:02 - Program Start
3:34 - Q&A Intro
3:55 - What is InnerSource and how is it different from Open Source?
8:10 - How do you start practicing InnerSource?
12:49 - Who would be the most important stakeholder in supporting an InnerSource initiative
16:47 - What is an Open Source Programs Office?
20:19 - Do organizations have to fully adopt open source practices to be effective?
25:35 - How can I implement or adopt InnerSource? What are the first steps?
31:55 - How do I measure the success of InnerSource?
43:51 - What tools can help improve the discovery of InnerSource projects within a company?
45:35 - A practical checklist for getting started with InnerSource
50:42 - Further resources

What is #InnerSource? How is it different from Open Source? How does it help organizations? What are practical steps to move InnerSource forward within a company? These and many more questions are answered by Zack Koppert and Prem Ponuthorai, Senior DevOps Engineers.

InnerSource Commons: https://innersourcecommons.org/
InnerSourceFAQ template: https://github.com/demo-days/innersource-faq-template

2:05 - Program Start
5:23 - What is an OSPO?
7:21 - What industries benefit from OSPOs?
9:05 - Why would I want to start one?
16:09 - How does an organization start one?
21:26 - How does the OSPO know what policies to create?
27:13 - How to make good decisions with respect to software licenses?
29:21 - Where does the OSPO properly fit on the org chart?
36:46 - What is a good mix of people/roles in the OSPO
40:43 - Is this part-time work?
42:48 - How do I know that the OSPO is being successful?
48:55 - What about OSPO failures? What are the biggest risks?
53:06 - Additional resources

How do you manage the open source projects that your company uses? What's an OSPO, who should be in it and why?

Am I allowed to reuse this code inside a company project? What legal liabilities do we have around this piece of code that came from a partner or open source? These and many more questions are tackled by Natalie Bradley, Regional Director, Professional Services and Zack Koppert, Senior DevOps Engineer and open source project maintainer.

Next on Demo Days: https://www.linkedin.com/events/6793666268064034816/

So now you're hyped up on open source and find all sorts of components to use in your own project. But how to do so while still staying on top of the latest security vulnerabilities in open source? By integrating some of the features in this Demo Day, you can programmatically understand risks in your software supply chain.

2:03 - Start & Intros
5:51 - Security Frameworks
7:58 - Identify - detecting the open source that we're using in our project with the Dependency graph
12:57 - Org level security issues (GitHub Advanced Security)
15:30 - Repository security policy
18:14 - Protect - reviewing dependency changes and why you might want to pro-actively update dependencies
22:35 - Dependency review, Rich diffs, and security advisories
28:30 - Pro-active updates
32:48 - Detect - dealing with novel vulnerabilities
34:53 - Dependabot alerts and Security updates
41:59 - Respond - Privately collaborating on fixes to vulnerabilities and disclosing vulnerabilities.

Hands-on training: https://lab.github.com/githubtraining/securing-your-workflows

Whether you're someone looking to make their first contribution to open source, or you're on a dev team trying to improve the quality and time to ship of your code, this video is for you.

@Eddie Jaoude and Andrea Griffiths take us on an intense discussion about the major whys and hows of open source software, especially when you just want to get things done. More than just "how do I contribute" or "how do I use open source" the two of them really dig into the thoughts and processes that are necessary pre-requisites before contributing to or consuming software.

If you've been following along with Demo Days, we've primarily focused on deep dives into specific GitHub product features, but this time around we've switched things up to focus on the fundamentals of open source...but perhaps not in the way you might expect.

In these videos, we're going even further down this train of thought and talk about the best ways we know how to make open source a viable and effective partner... and help you ship even more amazing code than you thought possible.

For contributors:
2:02 - Intros and start of program
3:38 - Discussion start
6:23 - First contributions
9:23 - How can you do open source professionally? Why would companies embrace or run away from open source
12:57 - Why is being welcoming so important to you? What difference does it make to the code?
15:14 - The importance of checking assumptions and fresh 👀
19:00 - How to get strong references for your work
24:05 - How to get a job at company X?
43:00 - Preventing burnout

For companies:
20:51 - How and why should companies consume open source?
24:35 - How to save time and money building an open source team
28:43 - Using open source on purpose instead of by accident
31:59 - How to open source sustainably?
37:10 - How do I sell open source to my boss?
44:23 - How can companies make money with open source?
48:14 - When is the right time to open source a project? (+ keys to security)
51:00 - "But we're not a tech company." The future of work.
54:06 - Is open source more or less secure than closed source?
59:29 - How can open source be monetized?
1:00:48 - It's not just about evaluating code quality
1:05:01 - Shortening development cycles with open source
1:08:35 - Non-code contributions

1:08:14 - Upcoming events

twitter: @eddiejaoude
github: https://github.com/eddiejaoude

GitHub Virtual Events:
https://www.meetup.com/GitHub-Presente/
https://www.meetup.com/GitHub-Africa/
https://www.meetup.com/github-planeta/

When it comes to GitHub team collaboration, sometimes it's a good idea to look at things from first principles. Rowena Foo, Implementation Engineer, digs into the most fundamental components of GitHub and shows us how to maximize productivity with your teams by using Issues, Project Boards and how to setup your teams and organizations.

2:06 - Stream start
6:42 - Intro
9:24 - What do I get with GitHub?
9:50 - GitHub repositories
11:37 - Issues and Project management
16:24 - Templates
23:25 - Labeling issues and pull requests
24:52 - Tracking progress with milestones
30:22 - Project boards
33:00 - Branches
42:55 - Team and organization management
49:33 - Repositories and policy management
53:02 - How GitHub uses GitHub


GitHub InFocus Developer Experience Week: https://infocus.github.com

GitHub and application security: Learn how to enable GitHub Advanced Security Features and how you might scale your implementation including how to understand the overall health of your org, Dependabot and using GitHub Actions, and know the community sourced vulnerabilities in open source software.

Take a walk with Kevin Alwell through the GitHub Learning Lab to build your first CI workflow in GitHub Actions: https://lab.github.com/githubtraining/github-actions:-continuous-integration

3:10 - Intro
6:27 - Overview
7:32 - Community sourced vulnerabilities in open source software
8:53 - GitHub Advisory Database and Dependabot alerts
13:32 - How do I understand the overall health of my organization from an Application Security perspective?
15:12 - Repository specific Application Security
15:59 - Drilling down to the pull request view
24:34 - Workflow files for GitHub Actions
33:40 - lab.github.com and hands on build of a CI pipeline

GitHub Actions Marketplace for workflows that have already been built by the community: https://github.com/marketplace?type=actions Automate almost anything!

For an even broader perspective on Secure Development and how you can bring DevOps and DevSecOps to your organization register for the Global Infocus Event: https://infocus.github.com

Watch this video of Bryan Cross for a tour of the exciting additions and changes to the GitHub User Experience we introduced at GitHub Universe. Learn how to automate code through PR Auto Merge, how to push code to GitHub with #Codespaces, our new Discussions, GitHub Dark Mode features and so much more.

All to make your experience as a developer just a bit smoother.

2:06 - Intro
3:23 - Demo Start
3:51 - GitHub Discussions
8:48 - Managing Dependencies
14:28 - Pull Request Auto Merge
17:51 - Enable Dark Mode
19:23 - Codespaces
29:11 - Issue labels and automatic workflows

VS Code container examples: https://github.com/microsoft/vscode-dev-containers/tree/master/containers

Join our next talk on What's next for DevOps! : https://github.co/next

Highlights from this video:

"For public repos now you can configure GitHub discussions, and the way that you do that is inside of your repo. Click on the settings tab and then scroll down on that initial page until you get to the features section here and just click the box for discussions. It's as easy as that and then when you scroll back up you're going to see that there's now a discussions item on your repo."

"Fundamentally discussions are designed to be different from issues so when we think of issues. They're to talk about an issue right so they're generally designed to be somewhat focused we're talking about a specific thing often in association with the work or the code that we're actually working on, and issues often lead to pull requests right so very much about specific aspects of our workflow. Discussions on the other hand are intended to be much more free form much more open and much more wide ranging. For example this might be a way for you to interact with your user community around broader questions like how do i use your tool, what are the pros and cons of your tool, what are the philosophical implications of what you're writing here."

"Now we're going to go on and check out possibly the most exciting the most complex and I think the most far-reaching and impactful of the features that we released at GitHub Universe and that's something called GitHub Codespaces.

Now before I get into that spoiler alert we're going to talk about a demo that we're working on here that really exercises a lot of the other features that we released at universe and that we released since then so if you weren't aware we now support multiple really as many environments as you like. You can have manual gateways so that somebody has to manually approve when code can be deployed to a given environment, and of course you can also specify secrets that are scoped to a specific environment."

"So VS Code what's that doing in there? These look like settings for visual studio (VS) code that i might have on my desktop for my visual studio code fat client. Right? Setting up tasks debug launch profiles and things like that well that's odd normally we don't store that in the repository..."

2:11 - Program Start
3:04 - Intros
4:47 - Program for the stream
9:48 - Demo Start

Live stream replay with Kerim Satirli and Taylor Dolezal of @HashiCorp talking about Infrastructure as Code and Iterative Infrastructure with GitHub Actions.

Project link to follow along: https://github.com/ksatirli/iterative-infrastructure

Join us for the “What’s next for DevOps?” Panel on Feb 4. Experts from GitHub, Lightstep, Red Hat, and Redmonk will explore this topic! https://resources.github.com/webcasts/Whats-next-for-DevOps/

twitter: @ksatirli, @onlydole

An introduction to the new Continuous Delivery (CD) features for GitHub Actions. Integrate required reviewers, environments and more as we securely deploy Azure apps.

2:44 - Intro to James Leha
8:05 - Demo Start
17:05 - Azure App Services and deployment environments
24:44 - More complex deployment examples
36:57 - Setting Environments
40:45 - Environment Monitoring and activity log
43:16 - Secrets, permissions and approvals
49:37 - Workflow view Recap
51:05 - Matrix Builds
55:33 - Pull Request view + Resources

Link to GitHub Repo in the Demo - https://github.com/James-LeHa/DemoDay-Actions-CD
Discussion for this Demo - https://github.com/James-LeHa/DemoDay-Actions-CD/discussions
https://github.com/learn/devops

#demodays #GitHub

1:20 - Welcome everyone!
11:39 - Let's talk DevOps and DevSecOps

DevSecOps, shifting left, and GitOps: you’ve probably heard all of these terms recently, but you might not be sure about what they mean. The reality is that these practices share a lot of the same principles—to reduce the time developers need to spend on security, while achieving better outcomes. And who doesn’t want that? Let’s clear up some confusion and deconstruct what these terms mean, and how they apply to your security and development teams.

Thomas Hughes, Senior DevOps Engineer, talks through key DevOps concepts and how it isn't just about tooling.

Resources:
Resource Round-up: https://github.com/learn/devops/#resources
Myths and Misconceptions: https://github.blog/2020-10-07-devops-definition/
Guide to DevSecOps: https://github.blog/2020-08-13-secure-at-every-step-a-guide-to-devsecops-shifting-left-and-gitops/

Contact us: https://enterprise.github.com/contact

Sr. Solutions Engineer Sebass van Boxel takes you on a journey full of potential software vulnerabilities. With his colleague Richard Erwin he explores how such defects can enter a codebase and what GitHub features can be used to fix this. During this session we look at how CodeQL helps to identity potential threats, and to prevent them from happening again.

Learn more about Security here: https://github.com/learn/security

During this Demo Day, Mathew walks through how developers, operations and security teams work together to deliver secure software using GitHub. We focus on enabling Code Scanning, then configuring and customizing the tool to enable faster and more accurate results.

Developer and Security teams don’t always see eye-to-eye in a lot of organizations and we want to change that at GitHub.

As a developer-focused platform, we’re expanding beyond this with our security products that change the way developers and security experts work together to solve security issues in code.

Resources:

https://www.youtube.com/watch?v=58N0_0HCDPE
https://www.youtube.com/watch?v=nvCd0Ee4FgE
https://www.youtube.com/watch?v=pYzfGaLTqC0
https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#specifying-directories-to-scan
https://help.semmle.com/codeql/codeql-cli/procedures/query-suites.html
https://github.com/github/codeql/blob/main/javascript/ql/src/codeql-suites/javascript-security-and-quality.qls

Lukas Pollmann, Senior Solutions Engineers, dives into software dependencies. More effective management of software vulnerabilities enables your organization to consume open source software more responsibly, saving you developer time and effort. Secure your open source supply chain.

Learn more about Security here: https://github.com/learn/security

As always, feel free to leave us a comment below and don't forget to subscribe: http://bit.ly/subgithub

Thanks!

Connect with us.
Facebook: http://fb.com/github
Twitter: http://twitter.com/github
LinkedIn: http://linkedin.com/company/github

About GitHub
GitHub is the best place to share code with friends, co-workers, classmates, and complete strangers. Millions of people use GitHub to build amazing things together. For more info, go to http://github.com

Every time developers start working on a new project, they waste precious time and energy setting up a development environment before they can start doing what they truly love: writing code. Join Dr. Diego Assencio (Solutions Engineer at GitHub) on an awesome ride through GitHub Codespaces and learn how to eliminate this problem. Hop on and have fun!

You an learn more about Codespaces here: https://github.com/features/codespaces

Hamel Husain, Staff Machine Learning Engineer, talks about GitHub workflows and Actions for data science and shows how things can be quite different compared to typical engineering workflows. Conserve compute by only running your models when necessary, all while using whatever tools you need.

https://github.com/learn/devops

#DemoDays #cloudtesting
14:24 - Start of the live demo

Testing is a critical part of any CI/CD pipeline, but running tests in Kubernetes can absorb the extra time that automation saves. Enter kind. kind stands for “Kubernetes in Docker.” It’s an open source project from the Kubernetes special interest group (SIGs) community, and a tool for running local Kubernetes clusters using Docker container “nodes.” Creating a kind cluster is a simple way to run Kubernetes cluster and application testing—without having to spin up a complete Kubernetes environment.

Join Sarah Kalife and Adam Barlow, Solutions Engineers, and Grant Griffiths, Tech Lead at Portworx(http://portworx.com/) as they use kind in concert with GitHub Actions to eliminate the inconsistency of local dev environments when testing cloud-native applications.

https://github.com/learn/devops

Issac Cohen, Field Solutions Architect, digs into 3rd party integrations with a focus on security and code quality. With GitHub Actions, bring these tools directly into your CI/CD pipeline and get to Production faster and with greater confidence.

Find more at: https://github.com/learn/security

James Ha, Solutions Engineer, shows how GitHub Actions is far more than just CI/CD. Through progressive layers of automation, James shows how you can control who can deploy your code, label and track progress, and even provide bot interactions so that your contributors follow proper workflows before deploying to Production.

https://github.com/learn/devops

Ian Marsh, Solutions Engineer, provides an intro to Codespaces with an optional code-along. Explore GitHub’s browser-based integrated development environment and write a fun action using JavaScript (with a meme or two). After building the Action, we'll upload build artifacts, commit back into the repository, and interact with GitHub through the REST-based API.

Learn more about DevOps here: https://github.com/learn/devops

Andrew Weiss and Robert Freeman, Solutions Engineers, explore the container ecosystem with an emphasis on code security. Dig into static code analysis and variant analysis to reduce false positives. Prevent your software supply chain from passing known vulnerabilities into your build. Learn how to package up your code into a container, make it available via the GitHub Package Registry, and deploy it to a Kubernetes cluster with AKS.

Can we help you solve a specific problem?: https://github.co/twitch-contact-sales

Steve Winton, Partner Engineer, explains why someone might want to build a GitHub app, then builds one from scratch. Create 3rd party integrations to GitHub via the API and allow them to act autonomously on protected resources. Using the example of OAuth, walk through GitHub Enterprise Server and learn how to build then manage administration, monitoring and installations.

Once you've built your app, consider partnering with GitHub: https://partner.github.com/technology-partners

Bas van Schaik, Product Manager for the CodeQL analysis engine explains how you can tap into an entire community of security researcher knowledge to scan your own code for vulnerabilities. Beyond your own code, learn how you as a developer can write your own queries, contribute back to the community, and more effectively create secure code for everyone.

Get involved with the GitHub Security Lab: https://securitylab.github.com/get-involved

Kevin Alwell, Solutions Engineer, uses GitHub’s fully-integrated CI/CD to enable native application security features. Dive into GitHub Actions, code scanning, software composition analysis, secret detection, and policy enforcement to achieve DevSecOps maturity.

Learn more about Security here: https://github.com/learn/security

Learn how to build a business on GitHub by utilizing our powerful ecosystem and global community. Thomas Hughes, Sr. DevOps Engineer, will walk you through the process, from ideation to integration, including thinking about social media as more than just a promotional medium. What can we learn from the successes of Pull Panda, Dependabot and Semmle?

Are you building a business that could be unlocked with GitHub? Contact us: https://github.co/twitch-contact-sales

Bryan Cross and James Ha, Solutions Engineers, provide an intro to deployments with GitHub Actions. Learn how to deploy an entire application framework with Terraform, Ansible, and Azure—just by labeling an issue.

Learn more about DevOps here: https://github.com/learn/devops

A step-by-step walkthrough of Dependabot code security in action with Andrew Mccoy, Field Solutions Engineer. See how an insecure Docker image is built and broken via a known RCE exploit, then successfully patched and re-deployed with Dependabot.

Learn more about Security here: https://github.com/learn/security

Glenn Wester and Cory Dobson, Solutions Engineers, dive into software dependencies. More effective management of software vulnerabilities enables your organization to consume open source software more responsibly, saving you developer time and effort. Secure your open source supply chain from software vulnerabilities.

Learn more about Security here: https://github.com/learn/security

As always, feel free to leave us a comment below and don't forget to subscribe: http://bit.ly/subgithub

Thanks!

Connect with us.
Facebook: http://fb.com/github
Twitter: http://twitter.com/github
LinkedIn: http://linkedin.com/company/github

About GitHub
GitHub is the best place to share code with friends, co-workers, classmates, and complete strangers. Millions of people use GitHub to build amazing things together. For more info, go to http://github.com

Natalie Bradley (Field Architect), Eric Johnson (Solutions Engineer) and Dean Stravopoulos (Solutions Engineer) talk about how you can use GitHub to drive collaboration at work. They walk through both maintainer and contributor perspectives all while demonstrating the GitHub Flow.
Learn more about DevOps here: https://github.com/learn/devops

As always, feel free to leave us a comment below and don't forget to subscribe: http://bit.ly/subgithub

Thanks!

Connect with us.
Facebook: http://fb.com/github
Twitter: http://twitter.com/github
Google+: http://google.com/+github
LinkedIn: http://linkedin.com/company/github

About GitHub
GitHub is the best place to share code with friends, co-workers, classmates, and complete strangers. Millions of people use GitHub to build amazing things together. For more info, go to http://github.com

Kevin Alwell, Solutions Engineer, starts with an application in a GitHub repo, adds CI, packages it using GitHub Packages then deploys via Azure.
Learn more about DevOps here: https://github.com/learn/devops

As always, feel free to leave us a comment below and don't forget to subscribe: http://bit.ly/subgithub

Thanks!

Connect with us.
Facebook: http://fb.com/github
Twitter: http://twitter.com/github
Google+: http://google.com/+github
LinkedIn: http://linkedin.com/company/github

About GitHub
GitHub is the best place to share code with friends, co-workers, classmates, and complete strangers. Millions of people use GitHub to build amazing things together. For more info, go to http://github.com

Niels Pineda, Sarah Khalife and Senna Parsa, Solutions Engineers, explore security issues in your organization, and the balance of accessibility and controls. Enable SAML SSO in under a minute, and walk through steps to prevent unauthorized access without compromising your ability to collaborate.

Learn more about Security here: https://github.com/learn/security

As always, feel free to leave us a comment below and don't forget to subscribe: http://bit.ly/subgithub

Thanks!

Connect with us.
Facebook: http://fb.com/github
Twitter: http://twitter.com/github
Google+: http://google.com/+github
LinkedIn: http://linkedin.com/company/github

About GitHub
GitHub is the best place to share code with friends, co-workers, classmates, and complete strangers. Millions of people use GitHub to build amazing things together. For more info, go to http://github.com