Kevin Lewis
Real-World Security for Busy Developers
#1about 9 minutes
Why developers must take ownership of application security
The growing responsibility for security falls on developers due to the high cost of breaches and the scarcity of dedicated security specialists.
#2about 3 minutes
Prevent leaked secrets with push protection and scanning
GitHub's push protection blocks credentials from being committed, while secret scanning finds existing keys across your entire repository history.
#3about 9 minutes
Write and review secure code using AI-powered tools
Use GitHub Copilot for security education and code reviews, while CodeQL automatically finds vulnerabilities that Copilot Autofix can then resolve.
#4about 5 minutes
Manage vulnerable dependencies in your software supply chain
Use dependency review to check for vulnerabilities and license compliance in pull requests, and let Dependabot proactively create fixes for you.
#5about 1 minute
Drive security fixes with organization-wide campaigns
Security campaigns allow teams to prioritize and track the remediation of specific vulnerabilities across all repositories in an organization.
#6about 3 minutes
How security tools integrate into the developer workflow
A summary of how tools like push protection, code scanning, and Dependabot fit seamlessly into each stage of development from the IDE to production.
Related jobs
Jobs that call for the skills explored in this talk.
Matching moments
55:17 MIN
Avoiding common security mistakes and giving better feedback
The weekly developer show: Boosting Python with CUDA, CSS Updates & Navigating New Tech Stacks
05:33 MIN
Integrating security earlier in the development lifecycle
Vulnerable VS Code extensions are now at your front door
27:19 MIN
Key takeaways on IDE and developer tool security
You click, you lose: a practical look at VSCode's security
11:13 MIN
Hardening the CI/CD pipeline with automated security tools
You can’t hack what you can’t see
23:48 MIN
Summary of how GitHub secures open source
How GitHub secures open source
41:45 MIN
Key takeaways for securing your application pipeline
Securing Your Web Application Pipeline From Intruders
08:33 MIN
Preventing leaked secrets and managing dependencies
How GitHub secures open source
14:01 MIN
Security is now a shared responsibility across all teams
The Evolving Landscape of Application Development: Insights from Three Years of Research
Featured Partners
Related Videos
25:28How GitHub secures open source
Joseph Katsioloudes
21:53Simple Steps to Kill DevSec without Giving Up on Security
Isaac Evans
22:18Why Security-First Development Helps You Ship Better Software Faster
Michael Wildpaner
24:47Supply Chain Security and the Real World: Lessons From Incidents
Adrian Mouat
29:47You click, you lose: a practical look at VSCode's security
Thomas Chauchefoin & Paul Gerste
56:06Stop Committing Your Secrets - GIt Hooks To The Rescue!
Dwayne McDaniel
23:34Secure Code Superstars: Empowering Developers and Surpassing Security Challenges Together
Stefania Chaplin
33:29Programming secure C#/.NET Applications: Dos & Don'ts
Sebastian Leuer
Related Articles
View all articles
From learning to earning
Jobs that call for the skills explored in this talk.
Software Engineering Manager, Application Security Testing: Composition Analysis & Dynamic Analysis
GitLab
Amsterdam, Netherlands
Remote
€10K
Intermediate
API
C++
Burp Suite
+1
Software Engineer - SDLC Security - Public Artifacts
Datadog
Paris, France
DevOps
Python
Kubernetes
Configuration Management
DevOps Security Engineer with Golang Development Focus
SAP AG
Sankt Leon-Rot, Germany
Junior
Go
Azure
DevOps
Puppet
Docker
+6
Fullstack Engineer (RoR/vue.js), Software Supply Chain Security AuthorizationGitlab
GitLab
€117-252K
Senior
Gitlab
Vue.js
PostgreSQL
Ruby on Rails
Application Security Engineer
Pennylane
Municipality of Madrid, Spain
Remote
Ruby
React
Python
JavaScript
+3