Protect Your GitHub From Supply Chain Attacks
Join Bret Fisher, a GitHub Actions expert and trainer, for an exclusive workshop where
you’ll get hands-on experience locking down repos on GitHub to ensure they’re protected from
the supply chain attacks behind the headlines of repo and package takeovers on
Trivy, Axios, Zapier, PostHog, and more. Learn the latest defenses you can actually
control on GitHub in this paid (now free thanks to Chainguard!) workshop.
What you'll get hands-on with
Techniques and tools for securing Actions workflows and repos
Repo+Actions security
- Avoiding pull_request_target
- Setting workflow permissions
- Locking down external contributors
- Pinning Actions
- Updating Actions automatically
- Updating Actions with a cooldown delay
- Moving secrets to Environments to limit blast radius
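To make the list above concrete, here is an added example (not from the workshop, and not one of Bret's or Chainguard's tools) showing the weak workflow pattern next to a hardened one, plus a Dependabot config that keeps pins current with a cooldown. The action version, the `build.sh`/`deploy.sh` scripts, the `DEPLOY_TOKEN` secret, and the `production` environment are assumptions; the commit SHA is a placeholder to be replaced with the real one from the action's release page.

```yaml
# Added example, not from the original page. Two files are shown, separated by '---'.
#
# Weak pattern the bullets warn against (kept as comments so it is never run):
#
# on: pull_request_target          # fork PRs run with a write token and repo secrets
# jobs:
#   build:
#     runs-on: ubuntu-latest
#     steps:
#       - uses: actions/checkout@v4  # mutable tag: whoever moves the tag controls the code
#         with:
#           ref: ${{ github.event.pull_request.head.sha }}  # checks out untrusted code with secrets
#       - run: ./build.sh
#         env:
#           DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}  # repo-wide secret exposed to every PR

# .github/workflows/ci.yml: hardened version of the same workflow.
name: ci
on:
  pull_request:            # fork PRs get a read-only token and no secrets
  push:
    branches: [main]

permissions:
  contents: read           # least-privilege default for every job in this file

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # Pin to a full commit SHA; the trailing comment records the human-readable version.
      # PLACEHOLDER SHA: look up the real commit for the release you want to pin.
      - uses: actions/checkout@0000000000000000000000000000000000000000 # v4.x.y (placeholder)
      - run: ./build.sh    # assumed build script; runs without any secrets

  deploy:
    needs: build
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'  # never on PRs
    runs-on: ubuntu-latest
    environment: production  # secret lives here, gated by environment protection rules
    permissions:
      contents: read
    steps:
      - run: ./deploy.sh   # assumed deploy script
        env:
          DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}  # environment-scoped, not repo-wide

---
# .github/dependabot.yml: keep SHA pins current, but wait before adopting a brand-new release
# (the cooldown keys follow Dependabot's cooldown feature; check current docs for your setup).
version: 2
updates:
  - package-ecosystem: github-actions
    directory: /
    schedule:
      interval: weekly
    cooldown:
      default-days: 7      # a compromised release usually gets pulled within days
```

The two changes that matter most are at the top: the trigger and the `permissions` block. With `pull_request` instead of `pull_request_target`, a fork PR cannot reach the `DEPLOY_TOKEN` at all, and with `contents: read` set at the file level every job starts with a read-only `GITHUB_TOKEN` unless it explicitly asks for more. Moving the secret into the `production` environment means a leak from the build job cannot touch it, and a SHA pin plus Dependabot with a cooldown gives you automatic updates without being the first to run a freshly published (and possibly hijacked) tag.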
Bret's new audit tool that codifies this talk's advice for your repos
Bret's agent skill for writing safer GitHub Actions workflows
actionlint · zizmor · poutine - run on every workflow
Meet Chainguard Actions
Secure-by-default CI/CD workflows. I'll demo switching from public Actions to Chainguard Actions to harden your workflows.
Continuous protection
Prevent secret exfiltration, tag hijacking, and other CI/CD supply chain attacks with Actions that are continuously scanned and re-hardened as upstream versions ship and threats evolve.
Verifiable hardening
Stay audit-ready and see which vulnerabilities were identified and mitigated with the HARDENING.md report included with every Action.
Fast, drop-in replacements
Skip the manual work of switching with the migration skill that inventories your Actions and opens PRs to swap in Chainguard alternatives with the same functionality.
Trust your workflows
When the next compromised Action hits the news, Chainguard's 800+ hardened Actions and one-day SLA for new Actions mean you stay protected.
Bret Fisher
DevOps trainer, podcast host, and creator of Docker Mastery, one of the most popular container courses ever made. Bret has spent years helping engineers ship and secure automation, and is now focused on Agentic DevOps: using AI to further automate and secure your DevOps workflow.
This workshop is the hands-on, deeper version of several recent live streams and a conference talk at Accelerate Chicago.