Protecting Your GitHub From Supply Chain Attacks
Learn how to protect your GitHub from the latest attacks like S1ngularity, Shai-Hulud, and TeamPCP that created headlines about projects like Trivy, Axios, Zapier, PostHog, and more.
Supply chains and maintainers are under threat more than ever (thanks, AI), and we all need to step up our game and look for easy wins: further locking down our GitHub repo settings and GitHub Actions workflows, and making sure Dependabot and Renovate are keeping our Actions safe. This talk is centered around GitHub Actions, but extends into npm security, the security tooling needed to complement our repos, and automation that warns us before misconfigurations happen.