Changelog Interviews

Securing GitHub

Listen Later

Jacob DePriest, VP and Deputy Chief Security Officer at GitHub, joins the show this week to talk about securing GitHub. From Artifact Attestations, profile hardening, preventing XZ-like attacks, GitHub Advanced Security, code scanning, improving Dependabot, and more.

Join the discussion

Changelog++ members save 14 minutes on this episode because they made the ads disappear. Join today!

Sponsors:

  • Socket – Secure your supply chain and ship with confidence. Install the GitHub app, book a demo or learn more
  • NeonFleets of Postgres! Enterprises use Neon to operate hundreds of thousands of Postgres databases: Automated, instant provisioning of the world’s most popular database.
  • CronitorCronitor helps you understand your cron jobs. Capture the status, metrics, and output from every cron job and background process. Name and organize each job, and ensure the right people are alerted when something goes wrong.
  • Fly.ioThe home of Changelog.com — Deploy your apps and databases close to your users. In minutes you can run your Ruby, Go, Node, Deno, Python, or Elixir app (and databases!) all over the world. No ops required. Learn more at fly.io/changelog and check out the speedrun in their docs.

    • Featuring:

    • Jacob DePriest – GitHub, X
    • Adam Stacoviak – Website, GitHub, LinkedIn, Mastodon, X
    • Jerod Santo – GitHub, LinkedIn, Mastodon, X

    Show Notes:

    • Where does your software (really) come from?
    • Keeping secrets out of public repositories
    • GitHub Advanced Security
    • Dependabot
    • Introducing Artifact Attestations–now in public beta
    • Software Bill of Materials (SBOM)
    • 😶‍🌫️ Who in the world is Jia Tan?!

      • Something missing or broken? PRs welcome!

      ...more
      View all episodesView all episodes
      Download on the App Store
      Changelog InterviewsBy Changelog Media
      • 5
      • 5
      • 5
      • 5
      • 5

      5

      5 ratings

      More shows like Changelog Interviews

      View all
      Planet Money by NPR

      Planet Money

      30,830 Listeners

      The Changelog: Software Development, Open Source by Changelog Media

      The Changelog: Software Development, Open Source

      284 Listeners

      Conversations with Tyler by Mercatus Center at George Mason University

      Conversations with Tyler

      2,395 Listeners

      Twenty Thousand Hertz by Dallas Taylor

      Twenty Thousand Hertz

      3,923 Listeners

      Python Bytes by Michael Kennedy and Brian Okken

      Python Bytes

      215 Listeners

      NVIDIA AI Podcast by NVIDIA

      NVIDIA AI Podcast

      331 Listeners

      Syntax - Tasty Web Development Treats by Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers

      Syntax - Tasty Web Development Treats

      987 Listeners

      Darknet Diaries by Jack Rhysider

      Darknet Diaries

      7,879 Listeners

      Sean Carroll's Mindscape: Science, Society, Philosophy, Culture, Arts, and Ideas by Sean Carroll | Wondery

      Sean Carroll's Mindscape: Science, Society, Philosophy, Culture, Arts, and Ideas

      4,139 Listeners

      Practical AI by Practical AI LLC

      Practical AI

      192 Listeners

      Dwarkesh Podcast by Dwarkesh Patel

      Dwarkesh Podcast

      408 Listeners

      Oxide and Friends by Oxide Computer Company

      Oxide and Friends

      47 Listeners

      The AI Daily Brief (Formerly The AI Breakdown): Artificial Intelligence News and Analysis by Nathaniel Whittemore

      The AI Daily Brief (Formerly The AI Breakdown): Artificial Intelligence News and Analysis

      479 Listeners

      Changelog News by Changelog Media

      Changelog News

      13 Listeners

      Changelog & Friends by Changelog Media

      Changelog & Friends

      2 Listeners