Software supply-chain attacks are everywhere these days, so locking down your CI/CD pipelines is non-negotiable. In this talk, Adrien Pessu dives into fortifying your workflows with GitHub Actions—identifying the usual suspects (insecure tokens, untrusted dependencies, rogue PRs) and showing you how to plug those holes.
You’ll walk away with a toolkit of best practices (think least-privilege permissions, vetted actions, and automated vulnerability scans) plus some advanced tactics for keeping sneaky threats at bay. Say goodbye to pipeline panic and hello to rock-solid software delivery.