DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub
Implementing Software Supply Chain Security can be challenging. In this course, you will learn how to improve code security with GitHub.
What you'll learn
One of the most important aspects of software delivery is security. In the era of open-source projects, it is difficult to track every vulnerability and to make sure that our solution does not use a package with serious vulnerabilities. The threat to supply chain security today is unpatched software.
In this course, DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub, you will learn about the tools for software supply chain security available on GitHub.
First, you will understand what software supply chain security is and why it is important not to leave security as the last step of software delivery. Then, you will explore how to configure Dependabot to automatically keep the project's dependencies up to date, and how to add static code analysis for security to an Actions workflow.
Finally, you will explore how to add license scanning to an Actions workflow to protect against specific license types in the OSS packages you use.
By the end of this course, you will have a clear overview of how to implement software supply chain security with GitHub, and how to maintain a secure repository by using GitHub best practices.