The Changelog: Software Development, Open Source

Securing GitHub (Interview)

Listen Later

Jacob DePriest, VP and Deputy Chief Security Officer at GitHub, joins the show this week to talk about securing GitHub. From Artifact Attestations, profile hardening, preventing XZ-like attacks, GitHub Advanced Security, code scanning, improving Dependabot, and more.

Join the discussion

Changelog++ members save 14 minutes on this episode because they made the ads disappear. Join today!

Sponsors:

  • Socket – Secure your supply chain and ship with confidence. Install the GitHub app, book a demo or learn more
  • NeonFleets of Postgres! Enterprises use Neon to operate hundreds of thousands of Postgres databases: Automated, instant provisioning of the world’s most popular database.
  • CronitorCronitor helps you understand your cron jobs. Capture the status, metrics, and output from every cron job and background process. Name and organize each job, and ensure the right people are alerted when something goes wrong.
  • Fly.ioThe home of Changelog.com — Deploy your apps and databases close to your users. In minutes you can run your Ruby, Go, Node, Deno, Python, or Elixir app (and databases!) all over the world. No ops required. Learn more at fly.io/changelog and check out the speedrun in their docs.

    • Featuring:

    • Jacob DePriest – GitHub, X
    • Adam Stacoviak – Website, GitHub, LinkedIn, Mastodon, X
    • Jerod Santo – GitHub, LinkedIn, Mastodon, X

    Show Notes:

    • Where does your software (really) come from?
    • Keeping secrets out of public repositories
    • GitHub Advanced Security
    • Dependabot
    • Introducing Artifact Attestations–now in public beta
    • Software Bill of Materials (SBOM)
    • 😶‍🌫️ Who in the world is Jia Tan?!

      • Something missing or broken? PRs welcome!

      ...more
      View all episodesView all episodes
      Download on the App Store
      The Changelog: Software Development, Open SourceBy Changelog Media
      • 4.7
      • 4.7
      • 4.7
      • 4.7
      • 4.7

      4.7

      286 ratings

      More shows like The Changelog: Software Development, Open Source

      View all
      Software Engineering Radio by se-radio@computer.org

      Software Engineering Radio

      271 Listeners

      Software Engineering Daily by Software Engineering Daily

      Software Engineering Daily

      625 Listeners

      LINUX Unplugged by Jupiter Broadcasting

      LINUX Unplugged

      268 Listeners

      Talk Python To Me by Michael Kennedy

      Talk Python To Me

      585 Listeners

      Soft Skills Engineering by Jamison Dance and Dave Smith

      Soft Skills Engineering

      289 Listeners

      Data Engineering Podcast by Tobias Macey

      Data Engineering Podcast

      146 Listeners

      Syntax - Tasty Web Development Treats by Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers

      Syntax - Tasty Web Development Treats

      988 Listeners

      REWORK by 37signals

      REWORK

      210 Listeners

      Practical AI by Practical AI LLC

      Practical AI

      211 Listeners

      AWS Podcast by Amazon Web Services

      AWS Podcast

      203 Listeners

      The Stack Overflow Podcast by The Stack Overflow Podcast

      The Stack Overflow Podcast

      63 Listeners

      The Real Python Podcast by Real Python

      The Real Python Podcast

      142 Listeners

      Big Technology Podcast by Alex Kantrowitz

      Big Technology Podcast

      494 Listeners

      Training Data by Sequoia Capital

      Training Data

      40 Listeners

      The Pragmatic Engineer by Gergely Orosz

      The Pragmatic Engineer

      64 Listeners