10 Dec 2020
Presented by:
Bas van Schaik, Staff Product Manager, GitHub
Xavier René-Corail, Director of Security Research, GitHub
CodeQL security analysis powers GitHub code scanning and has helped identify and prevent thousands of security vulnerabilities. Through code scanning, it analyzes your pull requests and flags up security issues as early as possible. But who creates these CodeQL queries and how do they know what to look for? For the last two years, a community of security researchers have been contributing to CodeQL queries that formalize their security knowledge. Queries written by independent researchers, enterprise security teams, and everyone in between now help protect all CodeQL users from security vulnerabilities. In this session you'll find out more about this community, the bounty programs, and the tools they use to help you secure your code. And how you can become part of it!
For more from GitHub Universe 2020, visit https://githubuniverse.com
As always, feel free to leave us a comment below and don't forget to subscribe: http://bit.ly/subgithub
Thanks!
Connect with us.
Facebook: http://fb.com/github
Twitter: http://twitter.com/github
LinkedIn: http://linkedin.com/company/github
About GitHub
GitHub is the best place to share code with friends, co-workers, classmates, and complete strangers. Millions of people use GitHub to build amazing things together. For more info, go to http://github.com
- 2 participants
- 20 minutes
9 Dec 2020
Presented by:
Maya Kaczorowski, Product Manager, Software Supply Chain Security, GitHub
William Bartholomew, Staff Product Manager, GitHub
"Shifting left allows development teams to implement security controls earlier, thus helping your team catch issues earlier, too. In this talk, we’ll first cover what your supply chain is, including everything you need to know about the dependencies you pull into your software—including information on their vulnerabilities—to determine your risk profile. We'll then dive into what GitHub can do to help you address vulnerabilities in these dependencies and alert you when new vulnerabilities arise using Dependency Graph and Dependabot. Then, we’ll delve into new updates that will help you shift left starting today.
https://githubuniverse.com/developer"
- 2 participants
- 19 minutes
9 Dec 2020
Presented by
Jose Palafox, Business Development Manager, GitHub
Sara Joshi, Member of Technical Staff, Accurics
Alfredo Deza, Senior Software Engineer, Anchore
Jaap Karan Singh, Customer Success SME, Secure Code Warrior
GitHub provides industry-leading native security capabilities within the developer workflow. Our code scanning, secret scanning, and Dependabot products and features deliver great value toward securing applications. Yet, additional security capabilities can be unlocked thanks to integrations. In this panel, we’ll share how third-party vendor solutions integrated with GitHub Actions can improve your security posture on top of native security capabilities. We’ll discuss contextual developer security training, infrastructure as code checks, and container scanning. And you'll learn about how to detect and prevent security issues in your code, how to ensure that runtime environments are up to date, and how to validate the security and configuration of deployment environments.
- 4 participants
- 29 minutes
9 Dec 2020
Presented by Allison Weins, Product Manager, GitHub
Join Allison Weins for a deep-dive into GitHub Codespaces—an online development environment service that allows you to develop entirely in the cloud. She'll cover advanced setup and personalization options as well as tips and tricks that will turn you into a Codespaces power user.
- 1 participant
- 18 minutes
9 Dec 2020
Presented by Sasha Rosenbaum, Senior Product Manager, GitHub
Every month, GitHub detects about a million potential secrets in public repos, and one in every seven private repos has a potential committed credential. In this talk, we'll show you what you should do when you inadvertently commit a credential; how to avoid doing so in the future by externalizing your secrets; and how to use GitHub to scan your projects to make sure no secrets make it into your source code again.
- 1 participant
- 23 minutes
9 Dec 2020
Presented by Spencer McIntyre, Lead Researcher, Metasploit Framework
The Metasploit Framework is an open source tool for testing and demonstrating security vulnerabilities within software. In this session, we'll talk about how it can be used to perform an assessment—and describe the heart of the framework content, the exploit module. Finally, we'll go over how the open source community itself can contribute to the Metasploit Framework.
- 1 participant
- 20 minutes