Wednesday 

Room 1 

17:40 - 18:40 

(UTC±00

Talk (60 min)

GitHub Actions Security: From CI Nightmare to Supply Chain Sentinel

GitHub Actions, crucial for CI/CD, can become an attack vector if unsecured. Misconfigurations risk supply chain attacks: malicious code injection, credential theft, or release tampering. Real-world incidents prove this urgent security need in automated pipelines.

Supply Chain
DevOps
SDLC
Security Tooling

This talk exposes GitHub Actions security risks: token leaks, script injections, and threats from untrusted third-party Actions or compromised runners.

We'll then detail actionable strategies to secure your GitHub Actions. Key topics: Principle of Least Privilege (GITHUB_TOKEN, OIDC), vetting third-party Actions, securing runners, and hardening workflows (input sanitization, code signing).

Attendees gain practical knowledge to turn GitHub Actions from a vulnerability into a strong supply chain defense, ensuring secure automation.
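As an added illustration of the script-injection, least-privilege and third-party-Action points above (constructed for this page, not the speaker's material), here is a weak workflow beside a hardened counterpart. The Action name `some-org/some-action` and the commit SHA placeholder are hypothetical.

```yaml
# .github/workflows/triage-weak.yml  (weak; constructed example)
name: triage-weak
on:
  issues:
    types: [opened]
# No permissions block: GITHUB_TOKEN inherits the repository default,
# which may still be write-all on older repositories.
jobs:
  greet:
    runs-on: ubuntu-latest
    steps:
      # Mutable ref: whoever controls the "main" branch controls this job.
      - uses: some-org/some-action@main
      # Attacker-controlled text is expanded directly into the shell script
      # before it runs; quotes in the issue title end the string and
      # anything after them executes with the job's token and secrets.
      - run: echo "New issue: ${{ github.event.issue.title }}"

---
# .github/workflows/triage-hardened.yml  (hardened; constructed example)
name: triage-hardened
on:
  issues:
    types: [opened]
# Least privilege: grant GITHUB_TOKEN only what this job needs.
permissions:
  contents: read
  issues: write
jobs:
  greet:
    runs-on: ubuntu-latest
    steps:
      # Pinned to an immutable commit that was reviewed before adoption;
      # the comment records the tag it corresponds to.
      - uses: some-org/some-action@<FULL_COMMIT_SHA_PLACEHOLDER> # v1.2.3
      # Untrusted input reaches the step as an environment variable, so the
      # shell treats it as data: no expression expansion inside the script.
      - env:
          TITLE: ${{ github.event.issue.title }}
        run: printf 'New issue: %s\n' "$TITLE"
```

The two documents are separate workflow files; they are shown in one block only for side-by-side comparison.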

Niek Palm

Niek is a Principal Engineer in the Philips Software Center of Excellence. He supports businesses in the goal of building better software and engineering practices. Niek is closely involved in shaping the future of software within Philips by driving DevOps culture transformation. He is playing a key role in driving the InnerSource community in Philips to build faster, better software together. As a public speaker, blogger, open source maintainer and book reviewer, he advocates and shares his expertise on key areas such as Cloud, DevOps and Software Development.