One of the most important aspects of software delivery is security. In the era of open-source projects, it is challenging and not easy to control every vulnerability and make sure that our solution does not use the package with serious vulnerabilities. The threat today to supply chain security is unpatched software. In this course, DevOps with GitHub and Azure: Implementing software supply chain security with GitHub, you will learn about tools for software supply chain security available on GitHub. First, you will understand what software supply chain security is and why it is important to not leave security as the last step of software delivery. Then, you will explore the configuration of Dependabot to automate keeping updated dependencies used in the project and how to add security static code analysis to an Actions workflow. Finally, you will explore how to add License scanning to an Actions workflow to protect against specific license types in used OSS packages. By the end of this course, you will have a clear overview of how to implement software supply chain security with GitHub, and how to maintain a secure repository by using GitHub best practices.
Author Name: Daniel Krzyczkowski
Author Description:
Daniel is a Modern Identity Lead at Formula5, living in Warsaw (Poland) focused on implementation of solutions using Microsoft technologies. He started his journey with sharing knowledge as a Microsoft Student Partner at the Polish-Japanese Academy of Information Technology in Warsaw. Daniel was awarded with Microsoft Most Valuable Professional title. Daniel loves to share his knowledge and passion about Microsoft Azure, Identity, and DevSecOps. He writes articles on the personal technical blog … more