GitHub: DevSecOps: Part 7/12: How to find secrets in your own code with Secret Scanning

What is Secret Scanning 🤫?
Part 7/12: In this video, Padi and I will show you how to find secrets in your own code or configuration files with GitHub.

▬▬▬▬▬▬ T I M E S T A M P S ⏰ ▬▬▬▬▬▬
00:00 Welcome
00:28 Intro
00:34 DevSecOps with GitHub
01:26 About Secret Scanning
03:13 Secrets in the source code?
04:15 How to enable Secret Scanning
04:56 How to review Secret Scanning findings
05:53 Supported secrets for advanced security
07:12 Enable Secret Scanning in GitHub
07:23 Enable Push Protection
07:33 Define custom pattern
08:57 Add secrets to the code
09:59 Publish rule
10:22 Secret scanning results
10:27 Why did it not find the other secrets?
11:26 Add Azure Secret
11:59 Why is push protection not working?
12:43 Secret scanning results
13:06 Summary

▬▬▬▬▬▬ L I N K S 🔗▬▬▬▬▬▬
Source Code
Blog-Post
GitHub
Patrick Steger
Secret Scanning in GitHub

▬▬▬▬▬▬ Want to learn more? 🚀 ▬▬▬▬▬▬
GitHub: DevSecOps: Part 1/12: What is GitHub? The fundamental concepts of a DevSecOps pipeline.
GitHub: DevSecOps: Part 2/12: Introduction to GitHub
GitHub: DevSecOps: Part 3/12: Learn How to Use SCA (Software Composition Analysis)
GitHub: DevSecOps: Part 4/12: How to ensure License Compliance?
GitHub: DevSecOps: Part 5/12: Protect your Apps with Static Application Security Testing (SAST)
GitHub: DevSecOps: Part 6/12: How to use Container Scanning
GitHub: DevSecOps: Part 7/12: How to find secrets in your own code with Secret Scanning

▬▬▬▬▬▬ P L A Y L I S T S ▶️ ▬▬▬▬▬▬
Modern Software Engineering
DevOps
GitLab: Build a DevSecOps Pipeline

#devsecops #devops #github #romanoroth
Comments

7:20 I don't see the "Custom patterns" section in any of my repos, was this removed?

overreactengine

Waiting for your next video. When will it be uploaded?

tech-futurist

It's a nice presentation and easy to understand. But you show it for GitHub; what about GitLab, for secret scanning as well as container scanning?

mdjakirhossain