We have observed numerous failed strategies in securing Infrastructure as Code implementation that leads to unintended risks. This session will focus on the learnings and how you can automate secure GitHub management to prevent common misconfigurations and enforce critical controls. We will discuss the risks related to source code repositories, how to configure GitHub securely using code and how you can include GitHub in your Disaster Recovery plan. Participants will gain knowledge of practical steps to mitigate risks related to Continuous Integration and how it affects cloud security posture. Additionally, we will introduce Repoman, an open-source tool designed to streamline these processes.