For more than a dozen years, the Stack Overflow Podcast has been exploring what it means to be a software developer and how the art and practice of programming is changing our world. From Rails to React, from Java to Node.js, join the Stack home team for conversations with fascinating guests to help you understand how technology is made and where it’s headed.
…
continue reading
内容由Changelog Media提供。所有播客内容(包括剧集、图形和播客描述)均由 Changelog Media 或其播客平台合作伙伴直接上传和提供。如果您认为有人在未经您许可的情况下使用您的受版权保护的作品,您可以按照此处概述的流程进行操作https://zh.player.fm/legal。
类似 The Changelog: Software Development, Open Source 的节目
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Get ready for a weekly dose of all things Enterprise Software and Cloud Computing! Join us as we dive into topics including Kubernetes, DevOps, Serverless, Security and Coding. Plus, we’ll keep you entertained with plenty of off-topic banter and nonsense. Don’t worry if you miss the latest industry conference - we’ve got you covered with recaps of all the latest news from AWS, Microsoft Azure, Google Cloud Platform (GCP) and the Cloud Native Computing Foundation (CNCF).
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
The Fragmented Podcast is the leading Android developer podcast started by Kaushik Gopal & Donn Felker. Our goal is to help you become a better Android Developer through conversation & to capture the zeitgeist of Android development. We chat about topics such as Testing, Dependency Injection, Patterns and Practices, useful libraries, and much more. We will also be interviewing some of the top developers out there. Subscribe now and join us on the journey of becoming a better Android Developer.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 13 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell (@jcutrell), co-founder of Spec and Director of Engineering at PBS. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Twitter: @developertea :: Email: deve ...
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Player FM -播客应用
使用Player FM应用程序离线!
使用Player FM应用程序离线!
))
Securing GitHub (Interview)
Manage episode 424437828 series 1282967
内容由Changelog Media提供。所有播客内容(包括剧集、图形和播客描述)均由 Changelog Media 或其播客平台合作伙伴直接上传和提供。如果您认为有人在未经您许可的情况下使用您的受版权保护的作品,您可以按照此处概述的流程进行操作https://zh.player.fm/legal。
Jacob DePriest, VP and Deputy Chief Security Officer at GitHub, joins the show this week to talk about securing GitHub. From Artifact Attestations, profile hardening, preventing XZ-like attacks, GitHub Advanced Security, code scanning, improving Dependabot, and more.
Changelog++ members save 14 minutes on this episode because they made the ads disappear. Join today!
Sponsors:
- Socket – Secure your supply chain and ship with confidence. Install the GitHub app, book a demo or learn more
- Neon – Fleets of Postgres! Enterprises use Neon to operate hundreds of thousands of Postgres databases: Automated, instant provisioning of the world’s most popular database.
- Cronitor – Cronitor helps you understand your cron jobs. Capture the status, metrics, and output from every cron job and background process. Name and organize each job, and ensure the right people are alerted when something goes wrong.
- Fly.io – The home of Changelog.com — Deploy your apps and databases close to your users. In minutes you can run your Ruby, Go, Node, Deno, Python, or Elixir app (and databases!) all over the world. No ops required. Learn more at fly.io/changelog and check out the speedrun in their docs.
Featuring:
- Jacob DePriest – Twitter, GitHub
- Adam Stacoviak – Mastodon, Twitter, GitHub, LinkedIn, Website
- Jerod Santo – Mastodon, Twitter, GitHub, LinkedIn
Show Notes:
- Where does your software (really) come from?
- Keeping secrets out of public repositories
- GitHub Advanced Security
- Dependabot
- Introducing Artifact Attestations–now in public beta
- Software Bill of Materials (SBOM)
- 😶🌫️ Who in the world is Jia Tan?!
Something missing or broken? PRs welcome!
章节
1. This week on The Changelog (00:00:00)
2. Sponsor: Socket (00:01:46)
3. Let's talk GitHub security (00:05:28)
4. The responsibility of security (00:08:11)
5. Securing change of ownership (00:13:51)
6. Applying Attestation to XZ (00:16:39)
7. XZ-like attacks are scary (00:18:05)
8. The challenge of the defender (00:21:57)
9. Behind code scanning (00:28:40)
10. GitHub Advanced Security features (00:31:34)
11. Sponsor: Neon (00:33:40)
12. Dependabot signal vs noise (00:39:27)
13. Attestations from a maintainer's POV (00:40:42)
14. Attestation tracking the binary (00:43:52)
15. Attestation goes beyond SBOM (00:46:55)
16. Are SBOMs widely used? (00:48:42)
17. 45-ish minutes to AI! (00:49:29)
18. Proactive vs reactive security (00:54:41)
19. Sponsor: Cronitor (00:59:28)
20. AI red teams (01:00:58)
21. Jacob's security war stories (01:05:35)
22. Wave a magic security wand (01:10:57)
23. GitHub as a security centerpoint (01:14:04)
24. How to partner on security with GitHub (01:15:46)
25. Closing thoughts from Jacob (01:24:28)
26. Outro and what's next (01:26:45)
821集单集
分享
Manage episode 424437828 series 1282967
内容由Changelog Media提供。所有播客内容(包括剧集、图形和播客描述)均由 Changelog Media 或其播客平台合作伙伴直接上传和提供。如果您认为有人在未经您许可的情况下使用您的受版权保护的作品,您可以按照此处概述的流程进行操作https://zh.player.fm/legal。
Jacob DePriest, VP and Deputy Chief Security Officer at GitHub, joins the show this week to talk about securing GitHub. From Artifact Attestations, profile hardening, preventing XZ-like attacks, GitHub Advanced Security, code scanning, improving Dependabot, and more.
Changelog++ members save 14 minutes on this episode because they made the ads disappear. Join today!
Sponsors:
- Socket – Secure your supply chain and ship with confidence. Install the GitHub app, book a demo or learn more
- Neon – Fleets of Postgres! Enterprises use Neon to operate hundreds of thousands of Postgres databases: Automated, instant provisioning of the world’s most popular database.
- Cronitor – Cronitor helps you understand your cron jobs. Capture the status, metrics, and output from every cron job and background process. Name and organize each job, and ensure the right people are alerted when something goes wrong.
- Fly.io – The home of Changelog.com — Deploy your apps and databases close to your users. In minutes you can run your Ruby, Go, Node, Deno, Python, or Elixir app (and databases!) all over the world. No ops required. Learn more at fly.io/changelog and check out the speedrun in their docs.
Featuring:
- Jacob DePriest – Twitter, GitHub
- Adam Stacoviak – Mastodon, Twitter, GitHub, LinkedIn, Website
- Jerod Santo – Mastodon, Twitter, GitHub, LinkedIn
Show Notes:
- Where does your software (really) come from?
- Keeping secrets out of public repositories
- GitHub Advanced Security
- Dependabot
- Introducing Artifact Attestations–now in public beta
- Software Bill of Materials (SBOM)
- 😶🌫️ Who in the world is Jia Tan?!
Something missing or broken? PRs welcome!
章节
1. This week on The Changelog (00:00:00)
2. Sponsor: Socket (00:01:46)
3. Let's talk GitHub security (00:05:28)
4. The responsibility of security (00:08:11)
5. Securing change of ownership (00:13:51)
6. Applying Attestation to XZ (00:16:39)
7. XZ-like attacks are scary (00:18:05)
8. The challenge of the defender (00:21:57)
9. Behind code scanning (00:28:40)
10. GitHub Advanced Security features (00:31:34)
11. Sponsor: Neon (00:33:40)
12. Dependabot signal vs noise (00:39:27)
13. Attestations from a maintainer's POV (00:40:42)
14. Attestation tracking the binary (00:43:52)
15. Attestation goes beyond SBOM (00:46:55)
16. Are SBOMs widely used? (00:48:42)
17. 45-ish minutes to AI! (00:49:29)
18. Proactive vs reactive security (00:54:41)
19. Sponsor: Cronitor (00:59:28)
20. AI red teams (01:00:58)
21. Jacob's security war stories (01:05:35)
22. Wave a magic security wand (01:10:57)
23. GitHub as a security centerpoint (01:14:04)
24. How to partner on security with GitHub (01:15:46)
25. Closing thoughts from Jacob (01:24:28)
26. Outro and what's next (01:26:45)
821集单集
All episodes
×
欢迎使用Player FM
Player FM正在网上搜索高质量的播客,以便您现在享受。它是最好的播客应用程序,适用于安卓、iPhone和网络。注册以跨设备同步订阅。
类似 The Changelog: Software Development, Open Source 的节目
For more than a dozen years, the Stack Overflow Podcast has been exploring what it means to be a software developer and how the art and practice of programming is changing our world. From Rails to React, from Java to Node.js, join the Stack home team for conversations with fascinating guests to help you understand how technology is made and where it’s headed.
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Get ready for a weekly dose of all things Enterprise Software and Cloud Computing! Join us as we dive into topics including Kubernetes, DevOps, Serverless, Security and Coding. Plus, we’ll keep you entertained with plenty of off-topic banter and nonsense. Don’t worry if you miss the latest industry conference - we’ve got you covered with recaps of all the latest news from AWS, Microsoft Azure, Google Cloud Platform (GCP) and the Cloud Native Computing Foundation (CNCF).
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
The Fragmented Podcast is the leading Android developer podcast started by Kaushik Gopal & Donn Felker. Our goal is to help you become a better Android Developer through conversation & to capture the zeitgeist of Android development. We chat about topics such as Testing, Dependency Injection, Patterns and Practices, useful libraries, and much more. We will also be interviewing some of the top developers out there. Subscribe now and join us on the journey of becoming a better Android Developer.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Developer Tea exists to help driven developers connect to their ultimate purpose and excel at their work so that they can positively impact the people they influence. With over 13 million downloads to date, Developer Tea is a short podcast hosted by Jonathan Cutrell (@jcutrell), co-founder of Spec and Director of Engineering at PBS. We hope you'll take the topics from this podcast and continue the conversation, either online or in person with your peers. Twitter: @developertea :: Email: deve ...
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Player FM -播客应用
使用Player FM应用程序离线!
使用Player FM应用程序离线!
