DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub

Implementing Software Supply Chain Security can be challenging. In this course, you will learn how to improve code security with GitHub.
Course info
Level
Intermediate
Updated
Jul 8, 2021
Duration
55m
Description

One of the most important aspects of software delivery is security. In the era of open-source projects, it is challenging to control every vulnerability and make sure that our solution does not use packages with serious vulnerabilities. The threat today to supply chain security is unpatched software.

In this course, DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub, you will learn about the tools for software supply chain security available on GitHub.

First, you will understand what software supply chain security is and why it is important not to leave security as the last step of software delivery. Then, you will explore how to configure Dependabot to automatically keep the dependencies used in the project up to date, and how to add static security code analysis to an Actions workflow.

Finally, you will explore how to add license scanning to an Actions workflow to protect against specific license types in the OSS packages you use.

By the end of this course, you will have a clear overview of how to implement software supply chain security with GitHub, and how to maintain a secure repository by using GitHub best practices.

About the author

Principal Software Engineer. Passionate about Microsoft technologies. Awarded with Microsoft Most Valuable Professional title. Loves to share his knowledge and passion about Microsoft Azure, Universal Windows Platform, Internet of Things, and Azure DevOps.

More courses by Daniel Krzyczkowski
Section Introduction Transcripts

Course Overview
Hello, everyone. My name is Daniel, and welcome to my Pluralsight course, DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub. In the era of open‑source projects, it's challenging to control every security aspect and make sure that our solution does not use packages with serious vulnerabilities. The threat today to supply chain security is unpatched software. In this course, DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub, you will learn more about tools for software supply chain security available on GitHub. Some of the major topics that we will cover include what the software supply chain is and why it's important to remember about the security aspect. We will learn how to configure Dependabot to automate keeping updated the dependencies used in the project. We will see how to add security static code analysis to an Actions workflow, and we will discover how to add license scanning to projects against specific license types used in the open‑source packages. By the end of this course, you will be able to understand how to integrate security in the software supply chain, how to set up automated dependency scanning for your project hosted on GitHub, how to detect different licenses used in the open‑source packages, and how to set up automated code scanning to detect bugs and security issues. I hope you will join me and take the course, DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub, here at Pluralsight.