Changelog Master Feed

Securing GitHub (Changelog Interviews #596)

Jun 19, 2024

01:29:38

Snipd AI

Jacob DePriest, VP at GitHub, discusses Artifact Attestations, profile hardening, GitHub Advanced Security, code scanning, and improving Dependabot to secure GitHub. Topics include preventing XZ-like attacks and the importance of open-source security measures.

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

GitHub emphasizes 2FA and Artifact Attestations for enhanced security measures.

GitHub's AI tools like Copilot aid in proactive vulnerability detection and code corrections.

Chronitor offers comprehensive monitoring solutions for efficient performance insights and uptime tracking.

Deep dives

GitHub and Securing Open Source Dependencies

Securing GitHub and open source dependencies discussed by GitHub's VP and Deputy Chief Security Officer, Jacob De Priest. Steps taken to ensure security at GitHub include mandatory 2FA and attestations. Socket, a developer-first security platform protecting against vulnerable and malicious dependencies, highlighted. Dangers highlighted, such as type squat attacks and vulnerable dependencies.

Intro

3min

Securing Open Source Dependencies and Introducing Socket Tool for Developers

5min

Enhancing Security Measures on GitHub

25min

GitHub Version Control and Security Features for Enterprise and Public Repositories

7min

Enhancing Code Attestation and Security with GitHub Actions

19min

Efficient Coding with AI and Monitoring with Chronitor

2min

Advancing Cybersecurity with AI and GitHub Security Measures

25min

Importance of Attestation and Security on GitHub

4min

Jacob DePriest, VP and Deputy Chief Security Officer at GitHub, joins the show this week to talk about securing GitHub. From Artifact Attestations, profile hardening, preventing XZ-like attacks, GitHub Advanced Security, code scanning, improving Dependabot, and more.

Join the discussion

Changelog++ members save 14 minutes on this episode because they made the ads disappear. Join today!

Sponsors:

Socket – Secure your supply chain and ship with confidence. Install the GitHub app, book a demo or learn more
Neon – Fleets of Postgres! Enterprises use Neon to operate hundreds of thousands of Postgres databases: Automated, instant provisioning of the world’s most popular database.
Cronitor – Cronitor helps you understand your cron jobs. Capture the status, metrics, and output from every cron job and background process. Name and organize each job, and ensure the right people are alerted when something goes wrong.
Fly.io – The home of Changelog.com — Deploy your apps and databases close to your users. In minutes you can run your Ruby, Go, Node, Deno, Python, or Elixir app (and databases!) all over the world. No ops required. Learn more at fly.io/changelog and check out the speedrun in their docs.

Featuring:

Jacob DePriest – Twitter, GitHub
Adam Stacoviak – Mastodon, Twitter, GitHub, LinkedIn, Website
Jerod Santo – Mastodon, Twitter, GitHub, LinkedIn

Show Notes:

Something missing or broken? PRs welcome!

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Changelog Master Feed

Securing GitHub (Changelog Interviews #596)

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

GitHub and Securing Open Source Dependencies

AutoFix AI in GitHub Code Scanning

Future Proactive Security Measures with AI

Scaling Proactive Security with AutoFix and AI Assistance

Monitoring and Performance Insights with Chronitor

AI Integration in Security and Open Source Supply Chain

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Changelog Master Feed

Securing GitHub (Changelog Interviews #596)

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

GitHub and Securing Open Source Dependencies

AutoFix AI in GitHub Code Scanning

Future Proactive Security Measures with AI

Scaling Proactive Security with AutoFix and AI Assistance

Monitoring and Performance Insights with Chronitor

AI Integration in Security and Open Source Supply Chain

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights