In this session, I will demonstrate how to build security into the DNA of your open source project from day one, using industry-tested tools and automation.
You'll learn how to implement a comprehensive security strategy leveraging popular open source security tools including GitHub's CodeQL for advanced vulnerability detection, OpenSSF Scorecard for automated security best practices assessment, and key supply chain security frameworks.
Through live demonstrations, we'll walk through setting up automated security scanning pipelines that catch vulnerabilities early and maintain high security standards without burdening developers.