From 8b749702bd90ae1cbfc6caf4078ddbc2813d5c63 Mon Sep 17 00:00:00 2001 From: Chris Ayers Date: Sun, 1 Oct 2023 22:28:46 +0000 Subject: [PATCH] updated slides --- slides/Slides.md | 66 +++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 63 insertions(+), 3 deletions(-) diff --git a/slides/Slides.md b/slides/Slides.md index 82d1625..d1e3121 100644 --- a/slides/Slides.md +++ b/slides/Slides.md @@ -138,6 +138,65 @@ linkStyle 4 color:green; --- + + +# Security + + +
+
+ +- Never use structured data as a secret +- Register all secrets used within workflows +- Audit how secrets are handled +- Use credentials that are minimally scoped +- Audit and rotate registered secrets +- Consider requiring review for access to secrets + +
+
+ +- Use an action instead of an inline script (recommended) +- Use an intermediate environment variable +- Use OpenID Connect to access cloud resources +- Pin third-party actions to a full length commit SHA + +
+
+ +--- + +# Actions Updates - Dependabot + +
+
+ +- Actions are regularly updated for enhanced automation. +- Dependabot keeps GitHub Actions references in workflow.yml up-to-date. +- If newer action versions exist, Dependabot sends an update pull request. +- Dependabot also updates git references for reusable workflows. +
+
+ +
+ +```.github/dependabot.yml``` +```yaml +version: 2 +updates: + # See documentation for possible values + - package-ecosystem: "github-actions" + # Location of package manifests + directory: "/" + schedule: + interval: "weekly" +``` + +
+
+ +--- + # Questions ![bg auto](./img/background.jpg) @@ -152,9 +211,10 @@ linkStyle 4 color:green; ## Links -- [https://docs.github.com](https://docs.github.com) -- [https://skills.github.com](https://docs.github.com) -- [codebytes/github-actions-demos](https://github.com/codebytes/github-actions-demos) +[https://docs.github.com](https://docs.github.com) +[https://skills.github.com](https://docs.github.com) +[https://docs.github.com/actions/security-guides](https://docs.github.com/actions/security-guides) +[codebytes/github-actions-demos](https://github.com/codebytes/github-actions-demos)
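Review bot: In the first hunk, the second bullet list on the new Security slide (the one starting "Use an action instead of an inline script (recommended)") has no heading or lead-in, so an item like "Use an intermediate environment variable" does not say what risk it addresses. Give each column a short sub-heading, for example one for handling secrets and one for avoiding script injection from untrusted input, so the slide can be read without the speaker. On the Dependabot slide in the same hunk, the `.github/dependabot.yml` label is written with triple backticks on a single line directly above the yaml fence; single backticks or a bold caption would avoid it being parsed as the start of a code fence by some renderers.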
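Review bot: In the Links hunk, the added line `[https://skills.github.com](https://docs.github.com)` still has link text and target that disagree; the mismatch is carried over unchanged from the removed line. Point the target at `https://skills.github.com`. The same hunk drops the leading `- ` from every link, which leaves four consecutive lines with no blank line between them; in standard Markdown these are joined into one paragraph unless the renderer converts line breaks into hard breaks, so keep the list markers or confirm the rendered slide still shows one link per line.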