Git

Snyk

Managing Node.js Docker images in GitHub Packages using GitHub Actions

If you’re doing open source development today, chances are high that you’re active within the GitHub community — participating in open source projects and their repositories. A recent addition to the GitHub ecosystem is GitHub Packages, which was announced back in 2019 and is now receiving even more updates with the general availability of the GitHub Packages container registry.

eventsentry

EventSentry on GitHub: PowerShell module, templates and more!

Since we’ve accumulated a lot of resources around EventSentry that are updated frequently, we’ve decided to launch a GitHub page where anyone can access and download scripts, configuration templates, screen backgrounds and our brand-new PowerShell module that is still under development.

teleport

Pull Requests for Infrastructure Access

Making frequent changes to cloud applications running in production is the de-facto standard. To minimize errors, engineers use CI/CD automation, techniques like code reviews, green-blue deployments and others. Git pull requests often serve as a foundational component for triggering code reviews, Slack notifications, and subsequent automation such as testing and deployments. This automated process enforces peer reviews and creates enough visibility to minimize human error.

Snyk

GitHub Security Code Scanning: Secure your open source dependencies

We are happy to announce Snyk Open Source support for GitHub Security Code Scanning, enabling you to automatically scan your open source dependencies for security vulnerabilities and license issues, as well as view results directly from within GitHub’s Security tab! A key ingredient of Snyk’s developer-first approach is integrating Snyk’s security data into the exact same processes that developers are using, whether this is within a developer’s IDE or a Git-based workflow.

nightfall

Nightfall for GitHub, Now with Real-Time Data Loss Prevention

We are excited to announce that Nightfall DLP for GitHub now has two plans available: Pro and Enterprise. Both plans allow you to discover, classify and protect sensitive information in any GitHub organization by actively scanning your codebase for secrets, credentials, PII, and other business-critical data to notify you of data policy violations. The Enterprise plan provides the additional ability to scan the commit history of any repo within your GitHub org.

Snyk

Application security automation for GitHub repositories with Snyk

Snyk provides a wide array of integrations and a pretty comprehensive API to enable you to deploy Snyk across the SDLC and monitor all the code your organization is developing. Of course – this is not always simple. At scale, ensuring Snyk is monitoring all your repositories becomes more challenging. As you grow, more code is added in the shape of new repositories. Not only that, existing repositories keep on changing.

Snyk

Identify, prioritize, and fix vulnerabilities with Reachable Vulnerabilities for GitHub

Imagine you are a Java programmer and that you just decided you want to use Snyk Open Source scanning to help you find security problems in your third party libraries. Good call! However, after connecting your repository to the Snyk Open Source scanner, you find out that you have ten or maybe even 50 vulnerabilities in the packages you depend on. The major question is: where do I start?

Secure RBAC / SSO for Kubernetes with Teleport OSS and Github Teams

The promise of elastic scale and cloud native has driven the demand for K8s, but developers now have the harder task of building applications in a secure manner. This talk will focus on best practices and potential pitfalls for securing K8s for the engineering team by using the K8s API server and control plane. Join us for a how-to on implementing a robust Role Based Access Control (RBAC) tied into the corporate SSO/Identity provider using Github Teams and open source software.
nightfall

3 Critical Lessons from 2020's Largest GitHub Leaks

2020 has been a very challenging year for teams and organizations across the world. This has been especially true for security teams, who’ve been responsible for managing the technological risks associated with their organization’s response to the pandemic. With security teams focused on mitigating the seismic impacts that the pandemic has had on their organization’s infrastructure, some of the security problems that emerged before the pandemic have been overlooked.