diff --git a/slides/Slides.md b/slides/Slides.md index 82d1625..d1e3121 100644 --- a/slides/Slides.md +++ b/slides/Slides.md @@ -138,6 +138,65 @@ linkStyle 4 color:green; --- + + +# Security + + +
+
+ +- Never use structured data as a secret +- Register all secrets used within workflows +- Audit how secrets are handled +- Use credentials that are minimally scoped +- Audit and rotate registered secrets +- Consider requiring review for access to secrets + +
+
+ +- Use an action instead of an inline script (recommended) +- Use an intermediate environment variable +- Use OpenID Connect to access cloud resources +- Pin third-party actions to a full length commit SHA + +
+
+ +--- + +# Actions Updates - Dependabot + +
+
+ +- Actions are regularly updated for enhanced automation. +- Dependabot keeps GitHub Actions references in workflow.yml up-to-date. +- If newer action versions exist, Dependabot sends an update pull request. +- Dependabot also updates git references for reusable workflows. +
+
+ +
+ +```.github/dependabot.yml``` +```yaml +version: 2 +updates: + # See documentation for possible values + - package-ecosystem: "github-actions" + # Location of package manifests + directory: "/" + schedule: + interval: "weekly" +``` + +
+
+ +--- + # Questions ![bg auto](./img/background.jpg) @@ -152,9 +211,10 @@ linkStyle 4 color:green; ## Links -- [https://docs.github.com](https://docs.github.com) -- [https://skills.github.com](https://docs.github.com) -- [codebytes/github-actions-demos](https://github.com/codebytes/github-actions-demos) +[https://docs.github.com](https://docs.github.com) +[https://skills.github.com](https://docs.github.com) +[https://docs.github.com/actions/security-guides](https://docs.github.com/actions/security-guides) +[codebytes/github-actions-demos](https://github.com/codebytes/github-actions-demos)
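Review bot: In the first hunk (the new `# Security` slide), the two bullet columns have no sub-headings, so the second list ("Use an action instead of an inline script (recommended)", "Use an intermediate environment variable", ...) loses the context that these are script-injection mitigations, while the first list is about secrets hygiene. Suggest a short heading above each column, e.g. `## Secrets` and `## Mitigating script injection`, so the "recommended" qualifier on the inline-script bullet reads as intended; the same hunk's "Pin third-party actions to a full length commit SHA" bullet would also benefit from a one-line pointer to the Dependabot slide that follows, since that is where the audience learns how pinned references are kept current.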
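Review bot: In the second hunk (the `## Links` slide), the line `[https://skills.github.com](https://docs.github.com)` carries over a text/URL mismatch: the visible text says skills.github.com but the target is docs.github.com. Since the hunk already rewrites this line, fix the target to `https://skills.github.com` here. Also, dropping the leading `- ` markers turns four list items into four consecutive lines; please confirm the slide renderer inserts line breaks there, otherwise the links will collapse into one paragraph and the list markers should be kept.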