Software's best weekly news brief, deep technical interviews & talk show.
…
continue reading
Content provided by Changelog Media. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Changelog Media or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Similar to Changelog Master Feed
BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
Get ready for a weekly dose of all things Enterprise Software and Cloud Computing! Join us as we dive into topics including Kubernetes, DevOps, Serverless, Security and Coding. Plus, we’ll keep you entertained with plenty of off-topic banter and nonsense. Don’t worry if you miss the latest industry conference - we’ve got you covered with recaps of all the latest news from AWS, Microsoft Azure, Google Cloud Platform (GCP) and the Cloud Native Computing Foundation (CNCF).
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Think Silverblue, but with modern DevOps "cloud-native" tooling used to build it. From Aurora to Bazzite, our impressions of this ambitious project. Live chat: https:/jblive.tv
…
continue reading
A podcast about web design and development.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
Daily update on current cyber security threats
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
Securing GitHub (Changelog Interviews #596)
Manage episode 424608410 series 1283731
Content provided by Changelog Media. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Changelog Media or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Jacob DePriest, VP and Deputy Chief Security Officer at GitHub, joins the show this week to talk about securing GitHub. From Artifact Attestations, profile hardening, preventing XZ-like attacks, GitHub Advanced Security, code scanning, improving Dependabot, and more.
Changelog++ members save 14 minutes on this episode because they made the ads disappear. Join today!
Sponsors:
- Socket – Secure your supply chain and ship with confidence. Install the GitHub app, book a demo or learn more
- Neon – Fleets of Postgres! Enterprises use Neon to operate hundreds of thousands of Postgres databases: Automated, instant provisioning of the world’s most popular database.
- Cronitor – Cronitor helps you understand your cron jobs. Capture the status, metrics, and output from every cron job and background process. Name and organize each job, and ensure the right people are alerted when something goes wrong.
- Fly.io – The home of Changelog.com — Deploy your apps and databases close to your users. In minutes you can run your Ruby, Go, Node, Deno, Python, or Elixir app (and databases!) all over the world. No ops required. Learn more at fly.io/changelog and check out the speedrun in their docs.
Featuring:
- Jacob DePriest – Twitter, GitHub
- Adam Stacoviak – Mastodon, Twitter, GitHub, LinkedIn, Website
- Jerod Santo – Mastodon, Twitter, GitHub, LinkedIn
Show Notes:
- Where does your software (really) come from?
- Keeping secrets out of public repositories
- GitHub Advanced Security
- Dependabot
- Introducing Artifact Attestations–now in public beta
- Software Bill of Materials (SBOM)
- 😶🌫️ Who in the world is Jia Tan?!
Something missing or broken? PRs welcome!
Chapters
1. This week on The Changelog (00:00:00)
2. Sponsor: Socket (00:01:46)
3. Let's talk GitHub security (00:05:28)
4. The responsibility of security (00:08:11)
5. Securing change of ownership (00:13:51)
6. Applying Attestation to XZ (00:16:39)
7. XZ-like attacks are scary (00:18:05)
8. The challenge of the defender (00:21:57)
9. Behind code scanning (00:28:40)
10. GitHub Advanced Security features (00:31:34)
11. Sponsor: Neon (00:33:40)
12. Dependabot signal vs noise (00:39:27)
13. Attestations from a maintainer's POV (00:40:42)
14. Attestation tracking the binary (00:43:52)
15. Attestation goes beyond SBOM (00:46:55)
16. Are SBOMs widely used? (00:48:42)
17. 45-ish minutes to AI! (00:49:29)
18. Proactive vs reactive security (00:54:41)
19. Sponsor: Cronitor (00:59:28)
20. AI red teams (01:00:58)
21. Jacob's security war stories (01:05:35)
22. Wave a magic security wand (01:10:57)
23. GitHub as a security centerpoint (01:14:04)
24. How to partner on security with GitHub (01:15:46)
25. Closing thoughts from Jacob (01:24:28)
26. Outro and what's next (01:26:45)
2067 episodes
Share
Manage episode 424608410 series 1283731
Content provided by Changelog Media. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Changelog Media or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Jacob DePriest, VP and Deputy Chief Security Officer at GitHub, joins the show this week to talk about securing GitHub. From Artifact Attestations, profile hardening, preventing XZ-like attacks, GitHub Advanced Security, code scanning, improving Dependabot, and more.
Changelog++ members save 14 minutes on this episode because they made the ads disappear. Join today!
Sponsors:
- Socket – Secure your supply chain and ship with confidence. Install the GitHub app, book a demo or learn more
- Neon – Fleets of Postgres! Enterprises use Neon to operate hundreds of thousands of Postgres databases: Automated, instant provisioning of the world’s most popular database.
- Cronitor – Cronitor helps you understand your cron jobs. Capture the status, metrics, and output from every cron job and background process. Name and organize each job, and ensure the right people are alerted when something goes wrong.
- Fly.io – The home of Changelog.com — Deploy your apps and databases close to your users. In minutes you can run your Ruby, Go, Node, Deno, Python, or Elixir app (and databases!) all over the world. No ops required. Learn more at fly.io/changelog and check out the speedrun in their docs.
Featuring:
- Jacob DePriest – Twitter, GitHub
- Adam Stacoviak – Mastodon, Twitter, GitHub, LinkedIn, Website
- Jerod Santo – Mastodon, Twitter, GitHub, LinkedIn
Show Notes:
- Where does your software (really) come from?
- Keeping secrets out of public repositories
- GitHub Advanced Security
- Dependabot
- Introducing Artifact Attestations–now in public beta
- Software Bill of Materials (SBOM)
- 😶🌫️ Who in the world is Jia Tan?!
Something missing or broken? PRs welcome!
Chapters
1. This week on The Changelog (00:00:00)
2. Sponsor: Socket (00:01:46)
3. Let's talk GitHub security (00:05:28)
4. The responsibility of security (00:08:11)
5. Securing change of ownership (00:13:51)
6. Applying Attestation to XZ (00:16:39)
7. XZ-like attacks are scary (00:18:05)
8. The challenge of the defender (00:21:57)
9. Behind code scanning (00:28:40)
10. GitHub Advanced Security features (00:31:34)
11. Sponsor: Neon (00:33:40)
12. Dependabot signal vs noise (00:39:27)
13. Attestations from a maintainer's POV (00:40:42)
14. Attestation tracking the binary (00:43:52)
15. Attestation goes beyond SBOM (00:46:55)
16. Are SBOMs widely used? (00:48:42)
17. 45-ish minutes to AI! (00:49:29)
18. Proactive vs reactive security (00:54:41)
19. Sponsor: Cronitor (00:59:28)
20. AI red teams (01:00:58)
21. Jacob's security war stories (01:05:35)
22. Wave a magic security wand (01:10:57)
23. GitHub as a security centerpoint (01:14:04)
24. How to partner on security with GitHub (01:15:46)
25. Closing thoughts from Jacob (01:24:28)
26. Outro and what's next (01:26:45)
2067 episodes
All episodes
×
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Similar to Changelog Master Feed
Software's best weekly news brief, deep technical interviews & talk show.
…
continue reading
BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
Get ready for a weekly dose of all things Enterprise Software and Cloud Computing! Join us as we dive into topics including Kubernetes, DevOps, Serverless, Security and Coding. Plus, we’ll keep you entertained with plenty of off-topic banter and nonsense. Don’t worry if you miss the latest industry conference - we’ve got you covered with recaps of all the latest news from AWS, Microsoft Azure, Google Cloud Platform (GCP) and the Cloud Native Computing Foundation (CNCF).
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Think Silverblue, but with modern DevOps "cloud-native" tooling used to build it. From Aurora to Bazzite, our impressions of this ambitious project. Live chat: https:/jblive.tv
…
continue reading
A podcast about web design and development.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
Daily update on current cyber security threats
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
