Live workshop · Jul 14, 2026 · 12PM ET

Protect Your GitHub From Supply Chain Attacks

Join Bret Fisher, a GitHub Actions expert and trainer, for an exclusive workshop where you’ll get hands-on experience locking down repos on GitHub to ensure they’re protected from the supply chain attacks behind the headlines of repo and package takeovers on Trivy, Axios, Zapier, PostHog, and more. Learn the latest defenses you can actually control on GitHub in this paid (now free thanks to Chainguard!) workshop.

> scanning supply chain… hostile vectors detected
> maintainer threat level: ELEVATED
> defenses available: CONFIRMED
Mission objectives

What you'll get hands-on with

Techniques and tools for securing Actions workflows and repos

Repo+Actions security

  • Avoiding pull_request_target
  • Setting workflow permissions
  • Locking down external contributors
  • Pinning Actions
  • Updating Actions automatically
  • Updating Actions with a cooldown delay
  • Moving secrets to Environments to limit blast radius

gasa - GitHub Actions Security Assessment

Bret's new audit tool that codifies this talk's advice for your repos

GHA editing skill

Bret's agent skill for writing safer GitHub Actions workflows

Scanner stack

actionlint · zizmor · poutine - run on every workflow

Live demo ยท new from Chainguard

Meet Chainguard Actions

Secure-by-default CI/CD workflows. I'll demo switching from public Actions to Chainguard Actions to harden your workflows.

Continuous protection

Prevent secret exfiltration, tag hijacking, and other CI/CD supply chain attacks with Actions that are continuously scanned and re-hardened as upstream versions ship and threats evolve.

Verifiable hardening

Stay audit-ready and see which vulnerabilities were identified and mitigated with the HARDENING.md report included with every Action.

Fast, drop-in replacements

Skip the manual work of switching with the migration skill that inventories your Actions and opens PRs to swap in Chainguard alternatives with the same functionality.

Trust your workflows

When the next compromised Action hits the news, Chainguard's 800+ hardened Actions and one-day SLA for new Actions mean you stay protected.

Mission commander

Bret Fisher

DevOps trainer, podcast host, and creator of Docker Mastery — one of the most popular container courses ever made. Bret has spent years helping engineers ship and secure automation, and is now focused on Agentic DevOps... using AI to further automate and secure your DevOps workflow.

This workshop is the hands-on, deeper version of several recent live streams and a conference talk at Accelerate Chicago.

DevOps consultant · YouTube educator · Docker Captain · Cloud Native Ambassador (CNCF)
Recruitment open

Sign up for the mission

Reserve your spot. I'll send you a calendar invite. I'll also email you the workshop video and resources after the event.

Submitting this form will cause you to get emails from Bret Fisher and Chainguard. Unsubscribe anytime 😉

Mission FAQ

Briefing questions

When is the workshop?
Tuesday, July 14, 2026 at 12:00 PM US Eastern (live, online).
Who is this for?
Developers, DevOps and platform engineers, security engineers, and OSS maintainers who own GitHub repos and Actions workflows. If you do "the basics" but aren't sure you're covered, this is for you.
Do I need to be a security expert?
No. If you can read a GitHub Actions workflow file, you'll keep up. I focus on practical, high-leverage fixes — not theory.
Will it be recorded?
Yes — sign up and you'll get the recording and the resources afterward.
What will it cost?
It's completely free — thanks to Chainguard for sponsoring.
Chainguard Actions sounds cool, how do I get it?
You can sign up for the trial at chainguard.dev/actions.