How to use GitHub Actions with security in mind

When working in the real world with continuous integration / continuous deployment, you have to take care of your pipelines and the things they have access to.

- Who can push code into to an environment?
- Who could read and change the connection strings to the database?
- Who can create new resources in your cloud environment?
- Do you trust your third party extensions?
- What part of the network does your pipeline have access to?

I'll go over each of these aspects of your GitHub Actions Workflows and show you what to look for and how to improve your security stance without locking every DevOps engineer out.

Target audience: DevOps engineers on GitHub

Rob Bos

DevOps Consultant | GitHub Trainer @ Xebia

's-Hertogenbosch, The Netherlands


Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.

Jump to top