Github Actions Security Best Practices with Reethi Kotti

2,755 views

OWASP DevSlop

2 years ago

▬▬▬▬▬▬ 📝 ABSTRACT & BIO ▬▬▬▬▬▬
In the world of Continuous Integration and Continuous Deployment, GitHub Actions provides a nifty edge to quickly build end-to-end automation right into the repository. This makes integration of Actions into an organization's GitHub repositories pretty straightforward and convenient. However, if Actions is swiftly adopted without a well-charted security plan, one may quickly find themselves in muddy waters.

In this episode, we will discuss some of the key security concerns one should be aware of when using GitHub Actions. We will also cover the best practices that Salesforce Heroku follows to securely use this exceedingly popular product.

REETHI KOTTI
Reethi is a Platform Security Engineer at Salesforce Heroku. She enjoys performing deep-dive security reviews, automating manual processes and finding ways to improve the overall security posture. Recently she has been invested in CI/CD tools and finding ways to securely use third-party packages. In her free time, you can find her tending to her many plants and exploring trails.
▬▬▬▬▬▬ 🔗 LINKS ▬▬▬▬▬▬
SLIDES: 🔗bit.ly/3udajov
Additional information about GitHub Actions can be found at docs.github.co...
▬▬▬▬▬▬ 🎥 Producer ▬▬▬▬▬▬
Nancy Gariché ► / nancygariche
▬▬▬▬▬▬ 🎙️Hosts ▬▬▬▬▬▬
Nikki Becher ► / thedeadrobots
▬▬▬▬▬▬ 👋 Connect with Us ▬▬▬▬▬▬
TWITCH ► owasp_devslop - Twitch
MEETUP.COM ► www.meetup.com...
TWITTER ► owasp_devslop
