GitHub Actions & Security: Best practices

06 Feb, 2021

Rob dove into GitHub Actions and noticed that everyone has stopped mentioning the best practice of forking the Action’s repository for security (and availability) reasons. Using Actions without forking them is very insecure in the current IT environment and should not be common practice.

Read this post to find out how to implement this best practice and level up your security posture when using GitHub Actions. You’ll also find a way to automatically keep your forks up to date, while still giving you the opportunity to review incoming changes before you merge them in!

Rob Bos
Rob has a strong focus on ALM and DevOps, automating manual tasks and helping teams deliver value to the end-user faster, using DevOps techniques. He applies this to anything he comes across, whether it’s an application, infrastructure, serverless or training environments. Additionally, Rob focuses on the management of production environments, including dashboarding and usage statistics for product owners and stakeholders, which also serve as part of the feedback loop to the developers. A lot of his focus goes to GitHub and GitHub Actions, improving the security of applications and DevOps pipelines. Rob is a Trainer (Azure + GitHub), a Microsoft MVP and a LinkedIn Learning Instructor.
