DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub

Focused View

Daniel Krzyczkowski

55:32

135 View

01. Course Overview

01. Course Overview.mp4

01:48

02. Software Supply Chain Security

02. Introduction.mp4

01:57

03. Globomantics Company Scenario.mp4

01:35

04. Various Parts of Software Supply Chain.mp4

04:29

05. GitHub Tools for Software Supply Chain Security.mp4

06:46

06. Demo-Setup Security Alerts with Dependabot.mp4

09:11

07. Summary.mp4

01:06

03. Enhanced Security with GitHub Actions

08. Introduction.mp4

01:03

09. Static Code Analysis with GitHub Actions.mp4

08:07

10. Demo-Code Scanning with CodeQL.mp4

08:02

11. License Scanning to Stay Compliant.mp4

03:33

12. Add License Scanning Using GitHub Actions Workflow.mp4

06:57

13. Summary.mp4

00:58

Description

Implementing Software Supply Chain Security can be challenging. In this course, you will learn how to improve code security with GitHub.

What You'll Learn?

One of the most important aspects of software delivery is security. In the era of open-source projects, it is challenging and not easy to control every vulnerability and make sure that our solution does not use the package with serious vulnerabilities. The threat today to supply chain security is unpatched software.

In this course, DevOps with GitHub and Azure: Implementing software supply chain security with GitHub, you will learn about tools for software supply chain security available on GitHub.

First, you will understand what software supply chain security is and why it is important to not leave security as the last step of software delivery. Then, you will explore the configuration of Dependabot to automate keeping updated dependencies used in the project and how to add security static code analysis to an Actions workflow.

Finally, you will explore how to add License scanning to an Actions workflow to protect against specific license types in used OSS packages.

By the end of this course, you will have a clear overview of how to implement software supply chain security with GitHub, and how to maintain a secure repository by using GitHub best practices.

More details

User Reviews

Rating

average 0

Total votes0

Focused display

Microsoft Azure

GitHub

Azure DevOps

Daniel Krzyczkowski

Instructor's Courses

Daniel is a Principal Software Engineer at Predica living in Warsaw (Poland) focused on implementation of solutions using Microsoft technologies. He started his journey with sharing knowledge as a Microsoft Student Partner at the Polish-Japanese Academy of Information Technology in Warsaw. Daniel was awarded with Microsoft Most Valuable Professional title. Daniel loves to share his knowledge and passion about Microsoft Azure, Universal Windows Platform, Internet of Things, and Azure DevOps. He writes articles on the personal technical blog – DevIsland.pl where he tries to provide valuable content related with the Microsoft Azure cloud, IoT, Azure DevOps, and Universal Windows Platform application development. He is a regular speaker at various national and international conferences and meetups. He also shares some interesting samples that you can find in his Github repository. Daniel likes taking up new challenges in his free time as well as spending time with his family.

Pluralsight

View courses Pluralsight

Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.