Secure Your Open Source Projects For Free

•Download as PPTX, PDF•

0 likes•46 views

Security issues, dependency vulnerabilities, misconfigurations... All of those can make or break your Open Source projects. Also, you want to make sure you adhere to the best practices, especially when you use more complex tools like Kubernetes. Let's see how we can use the tools that GitHub and Datree provide (most are Open Source too!) to secure your project and make sure that no misconfiguration ever reaches the deployment targets!

Software

SECURE YOUR
OPEN-
SOURCE
PROJECTS
(For Free!)
Davide Benvegnu
DevOps Lead & YouTuber

DevOps & Infra Lead @ PlayStudios
Former DevOps Architect @ Microsoft + GitHub
Former MMA Fighter
Davide Benvegnu
@DavideBenvegnu
github.com/n3wt0n
linkedin.com/in/davidebenvegnu
coderdave.io

Shift Left Tools (for today)
GitHub Advanced Security
Software security suite with Code Scanning, Secret Scanning,
and Dependency Vulnerability prevention
Datree
Automated policy and best-practices checks for Kubernetes,
Helm, and ArgoCD

The 3 flavors of Advanced Security
Dependency Management
Code Scanning Secret Scanning
Scans projects for dependency
vulnerabilities and know issues.
Sends Dependabot alerts when detects
vulnerabilities affecting your repository
Create automatic PRs to upgrade
dependencies to a non-vulnerable version
(or to keep them updated)
Analyze the code in a GitHub repository
to find code vulnerabilities and issues.
Based on CodeQL, inherited from Semmle
and LGTM.
Integrated into GitHub, interoperable
with third-party code scanning tools that
output Static Analysis Results Interchange
Format (SARIF) data
Scans the entire Git history on all
branches in your repository for secrets.
Scans for passwords, secrets, tokens, API
keys, and custom patterns.
Works wit 150+ 3rd party services and
cloud providers to automatically
disable/rotate keys

Code Scanning
Supported Languages
Code Scanning / CodeQL supports both compiled and interpreted
languages
• C/C++
• C#
• Go
• Java
• JavaScript/TypeScript
• Python
• Ruby
Quality of Results
• Fairly low false positive ration
• Can catch issues other tools may not
Customizable
• Based on CodeQL queries, regularly updated,
• Open source: https://github.com/github/codeql
• Write your own queries
• Publish a CodeQL query pack (beta) to GHCR (self-
contained)
• Create a QL pack in a repository
Configurable
• Default config is usually “good enough”
• Custom config file
• Disabled default queries
• Specifying CodeQL query packs
• Specifying additional queries

Datree
Supports kubectl manifests, Helm charts, and ArgoCD
Prevents misconfigurations to reach your deployment
targets by enforcing policies and best practices.
Performs YAML validation, k8s schema validation, and
policy check

Is it perfect?
No, but…
• Code Scanning: Low false positive rate
• Code Scanning: New languages added regularly
• Code Scanning: SARIF compatibility
• GHAS: Good all-around tool
• Datree: Integrated in the workflow
• Datree: great support
• Datree: super easy to use and customize

Recap: GitHub Advanced Security
• Extensible framework for code scanning
• Integrated within the developer workflow
• Backed by industry-leading CodeQL engine
• Customizable and Configurable
• Integrated with GitHub features
Product Synergy

Recap: Datree
• Policy and Best Practices enforcement
• Integrated within the developer workflow
• Customizable and Configurable
• Policy-as-Code support
• Validates “anything Kubernetes”
No more misconfiguration

In this talk I will compare 2 services Github Copilot (including Copilot X) and Amazon CodeWhisperer from the perspective of the Java developers in terms of the quality of the given recommendations for simple tasks, complex algorithms, Spring Boot and AWS development, IDE integration and pricing. Both services are the machine learning-powered services that help improve developer productivity by generating code recommendations based on developers’ comments in natural language and their code. Based on natural language comments, these services also automatically recommend unit test code that matches your implementation code.

Deploy multi-environment application with Azure DevOps

Andrea Tosato

Open Source Security and ChatGPT-Published.pdf

Javier Perez

Collision 2018: CodeStar for CICD Pipelines

Amazon Web Services

GitHub Copilot.pptx

Luis Beltran

Increase the Velocity of Your Software Releases Using GitHub and DeployHub

DevOps.com

Increase the velocity of your software releases by using continuous deployment driven by continuous delivery pipeline. After all, the goal of agile is to get code updates into the hands of your users fast and on a high frequency basis. This means installing all the way to production, not just staged for productio. This webinar will show you an approach to achieving full continuous deployment using GitHub and DeployHub. You will learn how to declare your Application Package from your GitHub repository, manage approvals and deliver updates to environments across the CD pipeline from development through production. GitHub and DeployHub work together to provide a complete DevOps process that results in a repeatable, consistent software releases process with a full continuous feedback loop.

Any suspicion that Linus Torvalds was a Linux one-hit-wonder was dispelled when he released the Git distributed versioning system. Git is a popular source code management tool, and sophisticated software delivery flows are now built around its powerful branching model. Join us to learn how to leverage Git and GitHub for maximum delivery velocity, and for an introduction to how Heroku GitHub Integration, Review Apps, and Pipelines let you deliver software with ease and confidence.

Git tech

Taj Nehme

Hardening Your CI/CD Pipelines with GitOps and Continuous Security

Weaveworks

Join us for a webinar on how to secure your CI/CD pipeline for Kubernetes with GitOps best practices and continuous runtime protection. As modern developers and DevOps teams are embarking on a quest for speed and reliability through automated CI/CD pipelines for Kubernetes, enterprises still need to ensure security and regulatory compliance. Together with Deepfence, the Weaveworks team will explain and demonstrate how GitOps continuous delivery pipelines, combined with continuous security observability, improves the overall security of your development workflow - from Git to production. In this webinar we will demonstrate: Deepfence container scanning Git-to-Kubernetes using FluxCD Deepfence continuous runtime security

Azure DevOps

Michael Jesse

Continuous Integration

XPDays

Build your android app with gradle

Swain Loda

Tour of Azure DevOps

Callon Campbell

Microsoft recently released Azure DevOps, a set of services that help developers and IT ship software faster, and with higher quality. These services cover planning, source code, builds, deployments, and artifacts. One of the great things about Azure DevOps is that it works great for any app and on any platform regardless of frameworks. In this session, I will give you a quick overview of what Azure DevOps is and how you can quickly get started and incorporate it into your continuous integration and deployment processes.

Effective Collaboration & Delivery with GitHub and AWS Code Deploy – GitHub

Amazon Web Services

Continuous integration and delivery for java based web applications

Sunil Dalal

Azure DevOps - Azure Guatemala Meetup

Guillermo Zepeda Selman

Enter Cookbook: refactoring under a microscope

Kamil Samigullin

Continues Integration and Continuous Delivery with Azure DevOps - Deploy Anyt...

Janusz Nowak

Scaling Git for Enterprise DevOps

Eng Teong Cheah

Que nos espera a los ALM Dudes para el 2013?

Bruno Capuano

GitOps 101 Presentation.pdf

ssuser31375f

DevSecOps Done Right - Strategies and Tools.pptx

Davide Benvegnù

Microsoft Skills Bootcamp - The power of GitHub and Azure

Davide Benvegnù

Similar to Secure Your Open Source Projects For Free

DevOps Service | Mindtree

AnikeyRoy

Aleksei Dremin - Application Security Pipeline - phdays9

Alexey Dremin

#ATAGTR2019 Presentation "DevSecOps with GitLab" By Avishkar Nikale

Agile Testing Alliance

Guidelines for Working with Contract Developers in Evergreen

loriayre

GNAT Pro User Day: Latest Advances in AdaCore Static Analysis Tools

AdaCore

Git into the Flow, with the Ultimate Continuous Delivery Workflow on Heroku

Salesforce Developers

Git tech

Taj Nehme

Hardening Your CI/CD Pipelines with GitOps and Continuous Security

Weaveworks

Azure DevOps

Michael Jesse

Continuous Integration

XPDays

Build your android app with gradle

Swain Loda

Tour of Azure DevOps

Callon Campbell

Effective Collaboration & Delivery with GitHub and AWS Code Deploy – GitHub

Amazon Web Services

Continuous integration and delivery for java based web applications

Sunil Dalal

Azure DevOps - Azure Guatemala Meetup

Guillermo Zepeda Selman

Enter Cookbook: refactoring under a microscope

Kamil Samigullin

Continues Integration and Continuous Delivery with Azure DevOps - Deploy Anyt...

Janusz Nowak

Scaling Git for Enterprise DevOps

Eng Teong Cheah

Que nos espera a los ALM Dudes para el 2013?

Bruno Capuano

GitOps 101 Presentation.pdf

ssuser31375f

Similar to Secure Your Open Source Projects For Free (20)

DevOps Service | Mindtree

Aleksei Dremin - Application Security Pipeline - phdays9

#ATAGTR2019 Presentation "DevSecOps with GitLab" By Avishkar Nikale

Guidelines for Working with Contract Developers in Evergreen

GNAT Pro User Day: Latest Advances in AdaCore Static Analysis Tools

Git into the Flow, with the Ultimate Continuous Delivery Workflow on Heroku

Git tech

Hardening Your CI/CD Pipelines with GitOps and Continuous Security

Azure DevOps

Continuous Integration

Build your android app with gradle

Tour of Azure DevOps

Effective Collaboration & Delivery with GitHub and AWS Code Deploy – GitHub

Continuous integration and delivery for java based web applications

Azure DevOps - Azure Guatemala Meetup

Enter Cookbook: refactoring under a microscope

Continues Integration and Continuous Delivery with Azure DevOps - Deploy Anyt...

Scaling Git for Enterprise DevOps

Que nos espera a los ALM Dudes para el 2013?

GitOps 101 Presentation.pdf

More from Davide Benvegnù

DevSecOps Done Right - Strategies and Tools.pptx

Davide Benvegnù

Microsoft Skills Bootcamp - The power of GitHub and Azure

Davide Benvegnù

All Around Azure: DevOps with GitHub - Managing the Flow of Work

Davide Benvegnù

Let's see how to use GitHub and Azure DevOps together to manage the flow of work. DevOps is all about continuously delivering value. Before we can even begin thinking about CI/CD, we need to make sure we do the right work. Sprint after sprint, iteration after iteration, we need to plan our work and manage our workflows. This includes planning and tracking all units of work for the project. With frequent small iterations, there is no time to waste. Careful planning needs to happen to ensure the correct work gets done for each iteration. With the compressed time frame for each iteration, team members must work and coordinate their activities. Thus cross (functional) team visibility of work becomes vital for that coordination and allocation of resources. Visibility also ensures problems or bottlenecks get surfaced and addressed quickly.

CI CD per .Net 5? Facile con Azure Pipelines e GitHub Actions

Davide Benvegnù

GitHub Actions: your free CI engine (and much more)

Davide Benvegnù

Life of a Remote Developer - Productivity tips (MSBuild 2020)

Davide Benvegnù

Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...

Davide Benvegnù

[SLIDES FROM MICROSOFT ONLINE TECH FORUM SESSION] Kubernetes is the open source container orchestration system that supercharges applications with scaling and reliability and unlocks advanced features, like A/B testing, Blue/Green deployments, canary builds, and dead-simple rollbacks. In this session, see how Tailwind Traders took a containerized application and deployed it to Azure Kubernetes Service (AKS). You’ll walk away with a deep understanding of major Kubernetes concepts and how to put it all to use with industry standard tooling.

Debugging and Interacting with Production Applications - MS Online Tech Forum

Davide Benvegnù

[SLIDE FROM MICROSOFT ONLINE TECH FORUM SESSION] Now that the applications are in the Cloud, developers must find ways to debug and interact with the production applications with minimal impact and maximal efficiency. Azure comes with a full set of tools and utilities that can be used to manage and monitor your applications. In this session, see how streaming logs work to monitor the production application in real time. We also show how Snapshot Debugging can be used to live debug applications.

Architect your app modernization journey with containers on Microsoft Azure

Davide Benvegnù

Build 2019 HK - Deep Dive notable announcements

Davide Benvegnù

How I choose which services to use in Azure

Davide Benvegnù

Secure your applications with Azure AD and Key Vault

Davide Benvegnù

Developers like the productivity of the Azure Platform, and now with Azure KeyVault and AAD we can easily secure secrets like DocumentDB, Media Services or Azure Batch keys in Azure KeyVault and apply granular policies to define who can access the secrets. In this session we will see how to adopt a secure approach to manage application secrets by using Azure KeyVault, Azure Active Directory and Principals based on Certificates.

Microservices with Azure Service Fabric

Davide Benvegnù

Develop a Serverless Integration Platform for the Enterprise

Davide Benvegnù

Integrating different systems is usually important, but in the Enterprise it is critical. And managing the integration platform is often even more critical. But what if we can design an integration architecture and pattern which can be applied to most of the systems, which doesn't require much management and which can scale on the fly? In this session we will see how we can achieve that using the serveless offering we have on Azure: Functions, LogicApp and Service Bus.

.NET microservices with Azure Service Fabric

Davide Benvegnù

SharePoint Disaster Recovery in Microsoft Azure

Davide Benvegnù

Microsoft TechSummit - Deploy your Solution to IaaS and PaaS with VSTS and Az...

Davide Benvegnù

VS2017PI - Le novità di visual studio team services

Davide Benvegnù

Accelerate Your Bot Development with DevOps

Davide Benvegnù

Microsoft <3 Open Source

Davide Benvegnù

More from Davide Benvegnù (20)

DevSecOps Done Right - Strategies and Tools.pptx

Microsoft Skills Bootcamp - The power of GitHub and Azure

All Around Azure: DevOps with GitHub - Managing the Flow of Work

CI CD per .Net 5? Facile con Azure Pipelines e GitHub Actions

GitHub Actions: your free CI engine (and much more)

Life of a Remote Developer - Productivity tips (MSBuild 2020)

Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...

Debugging and Interacting with Production Applications - MS Online Tech Forum

Architect your app modernization journey with containers on Microsoft Azure

Build 2019 HK - Deep Dive notable announcements

How I choose which services to use in Azure

Secure your applications with Azure AD and Key Vault

Microservices with Azure Service Fabric

Develop a Serverless Integration Platform for the Enterprise

.NET microservices with Azure Service Fabric

SharePoint Disaster Recovery in Microsoft Azure

Microsoft TechSummit - Deploy your Solution to IaaS and PaaS with VSTS and Az...

VS2017PI - Le novità di visual studio team services

Accelerate Your Bot Development with DevOps

Microsoft <3 Open Source

Recently uploaded

Strategies for Successful Data Migration Tools.pptx

varshanayak241

Data migration is a complex but essential task for organizations aiming to modernize their IT infrastructure and leverage new technologies. By understanding common challenges and implementing these strategies, businesses can achieve a successful migration with minimal disruption. Data Migration Tool like Ask On Data play a pivotal role in this journey, offering features that streamline the process, ensure data integrity, and maintain security. With the right approach and tools, organizations can turn the challenge of data migration into an opportunity for growth and innovation.

Understanding Globus Data Transfers with NetSage

Globus

NetSage is an open privacy-aware network measurement, analysis, and visualization service designed to help end-users visualize and reason about large data transfers. NetSage traditionally has used a combination of passive measurements, including SNMP and flow data, as well as active measurements, mainly perfSONAR, to provide longitudinal network performance data visualization. It has been deployed by dozens of networks world wide, and is supported domestically by the Engagement and Performance Operations Center (EPOC), NSF #2328479. We have recently expanded the NetSage data sources to include logs for Globus data transfers, following the same privacy-preserving approach as for Flow data. Using the logs for the Texas Advanced Computing Center (TACC) as an example, this talk will walk through several different example use cases that NetSage can answer, including: Who is using Globus to share data with my institution, and what kind of performance are they able to achieve? How many transfers has Globus supported for us? Which sites are we sharing the most data with, and how is that changing over time? How is my site using Globus to move data internally, and what kind of performance do we see for those transfers? What percentage of data transfers at my institution used Globus, and how did the overall data transfer performance compare to the Globus users?

Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...

Anthony Dahanne

Les Buildpacks existent depuis plus de 10 ans ! D’abord, ils étaient utilisés pour détecter et construire une application avant de la déployer sur certains PaaS. Ensuite, nous avons pu créer des images Docker (OCI) avec leur dernière génération, les Cloud Native Buildpacks (CNCF en incubation). Sont-ils une bonne alternative au Dockerfile ? Que sont les buildpacks Paketo ? Quelles communautés les soutiennent et comment ? Venez le découvrir lors de cette session ignite

Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...

Shahin Sheidaei

Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.

Using IESVE for Room Loads Analysis - Australia & New Zealand

IES VE

SOCRadar Research Team: Latest Activities of IntelBroker

SOCRadar

The European Union Agency for Law Enforcement Cooperation (Europol) has suffered an alleged data breach after a notorious threat actor claimed to have exfiltrated data from its systems. Infamous data leaker IntelBroker posted on the even more infamous BreachForums hacking forum, saying that Europol suffered a data breach this month. The alleged breach affected Europol agencies CCSE, EC3, Europol Platform for Experts, Law Enforcement Forum, and SIRIUS. Infiltration of these entities can disrupt ongoing investigations and compromise sensitive intelligence shared among international law enforcement agencies. However, this is neither the first nor the last activity of IntekBroker. We have compiled for you what happened in the last few days. To track such hacker activities on dark web sources like hacker forums, private Telegram channels, and other hidden platforms where cyber threats often originate, you can check SOCRadar’s Dark Web News. Stay Informed on Threat Actors’ Activity on the Dark Web with SOCRadar!

Designing for Privacy in Amazon Web Services

KrzysztofKkol1

Data privacy is one of the most critical issues that businesses face. This presentation shares insights on the principles and best practices for ensuring the resilience and security of your workload. Drawing on a real-life project from the HR industry, the various challenges will be demonstrated: data protection, self-healing, business continuity, security, and transparency of data processing. This systematized approach allowed to create a secure AWS cloud infrastructure that not only met strict compliance rules but also exceeded the client's expectations.

Lecture 1 Introduction to games development

abdulrafaychaudhry

Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...

Globus

The U.S. Geological Survey (USGS) has made substantial investments in meeting evolving scientific, technical, and policy driven demands on storing, managing, and delivering data. As these demands continue to grow in complexity and scale, the USGS must continue to explore innovative solutions to improve its management, curation, sharing, delivering, and preservation approaches for large-scale research data. Supporting these needs, the USGS has partnered with the University of Chicago-Globus to research and develop advanced repository components and workflows leveraging its current investment in Globus. The primary outcome of this partnership includes the development of a prototype enterprise repository, driven by USGS Data Release requirements, through exploration and implementation of the entire suite of the Globus platform offerings, including Globus Flow, Globus Auth, Globus Transfer, and Globus Search. This presentation will provide insights into this research partnership, introduce the unique requirements and challenges being addressed and provide relevant project progress.

Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...

Globus

Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.

Visitor Management System in India- Vizman.app

NaapbooksPrivateLimi

Your Digital Assistant. Making complex approach simple. Straightforward process saves time. No more waiting to connect with people that matter to you. Safety first is not a cliché - Securely protect information in cloud storage to prevent any third party from accessing data. Would you rather make your visitors feel burdened by making them wait? Or choose VizMan for a stress-free experience? VizMan is an automated visitor management system that works for any industries not limited to factories, societies, government institutes, and warehouses. A new age contactless way of logging information of visitors, employees, packages, and vehicles. VizMan is a digital logbook so it deters unnecessary use of paper or space since there is no requirement of bundles of registers that is left to collect dust in a corner of a room. Visitor’s essential details, helps in scheduling meetings for visitors and employees, and assists in supervising the attendance of the employees. With VizMan, visitors don’t need to wait for hours in long queues. VizMan handles visitors with the value they deserve because we know time is important to you. Feasible Features One Subscription, Four Modules – Admin, Employee, Receptionist, and Gatekeeper ensures confidentiality and prevents data from being manipulated User Friendly – can be easily used on Android, iOS, and Web Interface Multiple Accessibility – Log in through any device from any place at any time One app for all industries – a Visitor Management System that works for any organisation. Stress-free Sign-up Visitor is registered and checked-in by the Receptionist Host gets a notification, where they opt to Approve the meeting Host notifies the Receptionist of the end of the meeting Visitor is checked-out by the Receptionist Host enters notes and remarks of the meeting Customizable Components Scheduling Meetings – Host can invite visitors for meetings and also approve, reject and reschedule meetings Single/Bulk invites – Invitations can be sent individually to a visitor or collectively to many visitors VIP Visitors – Additional security of data for VIP visitors to avoid misuse of information Courier Management – Keeps a check on deliveries like commodities being delivered in and out of establishments Alerts & Notifications – Get notified on SMS, email, and application Parking Management – Manage availability of parking space Individual log-in – Every user has their own log-in id Visitor/Meeting Analytics – Evaluate notes and remarks of the meeting stored in the system Visitor Management System is a secure and user friendly database manager that records, filters, tracks the visitors to your organization. "Secure Your Premises with VizMan (VMS) – Get It Now"

Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...

informapgpstrackings

Developing Distributed High-performance Computing Capabilities of an Open Sci...

Globus

COVID-19 had an unprecedented impact on scientific collaboration. The pandemic and its broad response from the scientific community has forged new relationships among public health practitioners, mathematical modelers, and scientific computing specialists, while revealing critical gaps in exploiting advanced computing systems to support urgent decision making. Informed by our team’s work in applying high-performance computing in support of public health decision makers during the COVID-19 pandemic, we present how Globus technologies are enabling the development of an open science platform for robust epidemic analysis, with the goal of collaborative, secure, distributed, on-demand, and fast time-to-solution analyses to support public health.

2024 RoOUG Security model for the cloud.pptx

Georgi Kodinov

Explore Modern SharePoint Templates for 2024

Sharepoint Designs

Providing Globus Services to Users of JASMIN for Environmental Data Analysis

Globus

JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.

How Recreation Management Software Can Streamline Your Operations.pptx

wottaspaceseo

Recreation management software streamlines operations by automating key tasks such as scheduling, registration, and payment processing, reducing manual workload and errors. It provides centralized management of facilities, classes, and events, ensuring efficient resource allocation and facility usage. The software offers user-friendly online portals for easy access to bookings and program information, enhancing customer experience. Real-time reporting and data analytics deliver insights into attendance and preferences, aiding in strategic decision-making. Additionally, effective communication tools keep participants and staff informed with timely updates. Overall, recreation management software enhances efficiency, improves service delivery, and boosts customer satisfaction.

Accelerate Enterprise Software Engineering with Platformless

WSO2

Key takeaways: Challenges of building platforms and the benefits of platformless. Key principles of platformless, including API-first, cloud-native middleware, platform engineering, and developer experience. How Choreo enables the platformless experience. How key concepts like application architecture, domain-driven design, zero trust, and cell-based architecture are inherently a part of Choreo. Demo of an end-to-end app built and deployed on Choreo.

Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...

Globus

The Earth System Grid Federation (ESGF) is a global network of data servers that archives and distributes the planet’s largest collection of Earth system model output for thousands of climate and environmental scientists worldwide. Many of these petabyte-scale data archives are located in proximity to large high-performance computing (HPC) or cloud computing resources, but the primary workflow for data users consists of transferring data, and applying computations on a different system. As a part of the ESGF 2.0 US project (funded by the United States Department of Energy Office of Science), we developed pre-defined data workflows, which can be run on-demand, capable of applying many data reduction and data analysis to the large ESGF data archives, transferring only the resultant analysis (ex. visualizations, smaller data files). In this talk, we will showcase a few of these workflows, highlighting how Globus Flows can be used for petabyte-scale climate analysis.

Cracking the code review at SpringIO 2024

Paco van Beckhoven

Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production. Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process? In this session we will cover: - The Art of Effective Code Reviews - Streamlining the Review Process - Elevating Reviews with Automated Tools By the end of this presentation, you'll have the knowledge on how to organize and improve your code review proces

Recently uploaded (20)

Strategies for Successful Data Migration Tools.pptx

Understanding Globus Data Transfers with NetSage

Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...

Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...

Using IESVE for Room Loads Analysis - Australia & New Zealand

SOCRadar Research Team: Latest Activities of IntelBroker

Designing for Privacy in Amazon Web Services

Lecture 1 Introduction to games development

Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...

Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...

Visitor Management System in India- Vizman.app

Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...

Developing Distributed High-performance Computing Capabilities of an Open Sci...

2024 RoOUG Security model for the cloud.pptx

Explore Modern SharePoint Templates for 2024

Providing Globus Services to Users of JASMIN for Environmental Data Analysis

How Recreation Management Software Can Streamline Your Operations.pptx

Accelerate Enterprise Software Engineering with Platformless

Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...

Cracking the code review at SpringIO 2024

Secure Your Open Source Projects For Free

1. SECURE YOUR OPEN- SOURCE PROJECTS (For Free!) Davide Benvegnu DevOps Lead & YouTuber

2. DevOps & Infra Lead @ PlayStudios Former DevOps Architect @ Microsoft + GitHub Former MMA Fighter Davide Benvegnu @DavideBenvegnu github.com/n3wt0n linkedin.com/in/davidebenvegnu coderdave.io

3. Allegedly Famous YouTuber CoderDave

4. Security is important

5. Continuous Security

6. Shift Left

7. Shift Left Tools (for today) GitHub Advanced Security Software security suite with Code Scanning, Secret Scanning, and Dependency Vulnerability prevention Datree Automated policy and best-practices checks for Kubernetes, Helm, and ArgoCD

8. Shift Left

9. GitHub Advanced Security

10. The 3 flavors of Advanced Security Dependency Management Code Scanning Secret Scanning Scans projects for dependency vulnerabilities and know issues. Sends Dependabot alerts when detects vulnerabilities affecting your repository Create automatic PRs to upgrade dependencies to a non-vulnerable version (or to keep them updated) Analyze the code in a GitHub repository to find code vulnerabilities and issues. Based on CodeQL, inherited from Semmle and LGTM. Integrated into GitHub, interoperable with third-party code scanning tools that output Static Analysis Results Interchange Format (SARIF) data Scans the entire Git history on all branches in your repository for secrets. Scans for passwords, secrets, tokens, API keys, and custom patterns. Works wit 150+ 3rd party services and cloud providers to automatically disable/rotate keys

11. Code Scanning Supported Languages Code Scanning / CodeQL supports both compiled and interpreted languages • C/C++ • C# • Go • Java • JavaScript/TypeScript • Python • Ruby Quality of Results • Fairly low false positive ration • Can catch issues other tools may not Customizable • Based on CodeQL queries, regularly updated, • Open source: https://github.com/github/codeql • Write your own queries • Publish a CodeQL query pack (beta) to GHCR (self- contained) • Create a QL pack in a repository Configurable • Default config is usually “good enough” • Custom config file • Disabled default queries • Specifying CodeQL query packs • Specifying additional queries

12. Datree

13. Datree Supports kubectl manifests, Helm charts, and ArgoCD Prevents misconfigurations to reach your deployment targets by enforcing policies and best practices. Performs YAML validation, k8s schema validation, and policy check

14. Let’s see them in action

15. Conclusions

16. Is it perfect? No, but… • Code Scanning: Low false positive rate • Code Scanning: New languages added regularly • Code Scanning: SARIF compatibility • GHAS: Good all-around tool • Datree: Integrated in the workflow • Datree: great support • Datree: super easy to use and customize

17. Recap: GitHub Advanced Security • Extensible framework for code scanning • Integrated within the developer workflow • Backed by industry-leading CodeQL engine • Customizable and Configurable • Integrated with GitHub features Product Synergy

18. Recap: Datree • Policy and Best Practices enforcement • Integrated within the developer workflow • Customizable and Configurable • Policy-as-Code support • Validates “anything Kubernetes” No more misconfiguration

19. Videos

20. THANK YOU! coderdave.io/join

Secure Your Open Source Projects For Free

Recommended

Recommended

More Related Content

Similar to Secure Your Open Source Projects For Free

Similar to Secure Your Open Source Projects For Free (20)

More from Davide Benvegnù

More from Davide Benvegnù (20)

Recently uploaded

Recently uploaded (20)

Secure Your Open Source Projects For Free