Establishing a Secure Development Strategy

Intermediate GitHub Concepts

Stan Konkin

ML Enthusiast, DataCamp

Why Secure Development Matters

  • 🔑 Essential for Projects: Keep our code secure
  • 💻 Automate Security: Reduce manual work
  • Prevent Issues Early: Fix vulnerabilities before they escalate

Secure Development

GitHub Advanced Security: The Essentials

  • Code Scanning: Identify vulnerabilities in our code
  • 🔒 Secret Scanning: Detect and protect sensitive data
  • 📊 Dependency Graph & Dependabot: Manage dependencies and automate security updates

GitHub Advanced Security [1]

[1] docs.github.com/en/get-started/learning-about-github/about-github-advanced-security
Understanding the Dependency Graph

  • 📊 Visualize: See all project dependencies
  • Spot Risks: Identify vulnerabilities in our chain
  • 🚀 Track Updates: Monitor changes to dependencies

Adding Dependencies to Our Repo

requirements-analysis.txt

pandas==1.2.4
numpy==1.20.3
matplotlib==3.4.2
...

requirements-ml.txt

pandas==1.3.0
numpy==1.21.0
scikit-learn==0.24.2
...

setup.py

from setuptools import setup, find_packages

setup(
    name="ecommerce-data-hub",
    version="0.1",
    packages=find_packages(),
    # ... remaining arguments omitted on the slide
)

Opening the Dependency Graph

  • Opening the ecommerce-data-hub repository
  • Opening the Insights tab
  • Clicking on the Dependency graph option
  • Alerts in the Dependency Graph

Turning on Dependabot Alerts

Checking Dependabot Alerts in the Security Tab

Viewing Dependabot Alerts

Reviewing and Merging the Security Update

Reviewing the Updated Alerts

Putting Everything Together

  • 📊 Dependency Graph: Visualize dependencies
  • Dependabot Alerts: Get notifications on vulnerabilities
  • 🚀 Dependabot Updates: Automatically fix issues with PRs
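
As an added example (not part of the course slides), a small Python script that models what the dependency graph and Dependabot alerts do for the two requirements files shown earlier: it parses the `==` pins in each manifest, compares them with an advisory list, and rewrites an affected pin the way a Dependabot security PR does. The advisory versions are constructed for illustration and are not real vulnerability data for pandas or numpy.

```python
"""Model of what the dependency graph plus Dependabot alerts do for a pip
project: parse the '==' pins in each manifest, compare them with an advisory
list, and rewrite an affected pin the way a Dependabot security PR does."""
import re

# Constructed sample manifests mirroring the two requirements files on the slide.
MANIFESTS = {
    "requirements-analysis.txt": "pandas==1.2.4\nnumpy==1.20.3\nmatplotlib==3.4.2\n",
    "requirements-ml.txt": "pandas==1.3.0\nnumpy==1.21.0\nscikit-learn==0.24.2\n",
}

# CONSTRUCTED advisories for illustration only, not real vulnerability data:
# package -> first patched version; any pin below it is treated as affected.
ADVISORIES = {"numpy": "1.21.0", "pandas": "1.3.0"}

PIN = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*==\s*([0-9][0-9.]*)\s*$")

def parse_pins(text):
    """Return {package: version} for every '==' pin; comments and other lines are skipped."""
    pins = {}
    for line in text.splitlines():
        m = PIN.match(line.split("#", 1)[0])
        if m:
            pins[m.group(1).lower()] = m.group(2)
    return pins

def vtuple(version):
    """Turn '1.20.3' into (1, 20, 3) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))

def find_alerts(manifests, advisories):
    """Return sorted (manifest, package, pinned, patched) for every affected pin."""
    alerts = []
    for name, text in manifests.items():
        for pkg, ver in parse_pins(text).items():
            patched = advisories.get(pkg)
            if patched and vtuple(ver) < vtuple(patched):
                alerts.append((name, pkg, ver, patched))
    return sorted(alerts)

def bump_pin(text, pkg, new_version):
    """Rewrite one '==' pin in a manifest, which is what a Dependabot security PR changes."""
    pattern = re.compile(rf"^(\s*{re.escape(pkg)}\s*==\s*)[0-9][0-9.]*", re.M)
    return pattern.sub(lambda m: m.group(1) + new_version, text)

if __name__ == "__main__":
    for manifest, pkg, pinned, patched in find_alerts(MANIFESTS, ADVISORIES):
        print(f"{manifest}: {pkg}=={pinned} is below patched version {patched}")
```

Only requirements-analysis.txt produces alerts here, because requirements-ml.txt already pins the constructed patched versions; after bumping pandas, the numpy alert remains until it is bumped as well.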

Secure Development

Let's practice!
