Security is an essential part of any engineering organization—especially in regulated industries, like automotive.
In our recent webcast, “Driving secure, collaborative development”, GitHub Solutions Engineer Phil Holleran walked through GitHub features that can make your security and compliance workflows less painful. Here are some key takeaways and a link to watch the recording.
Simple as it may sound, enforcing multi-factor authentication (MFA) across your organization is an easy way to avoid security vulnerabilities and outsider access. It’s also important to periodically audit the other ways people in your organization can authenticate and deploy. Occasional reviews help you check if the applications and keys are still in use, and if your users have successfully authorized them to act on their behalf.
Personal access tokens and OAuth applications can present security challenges with complex permissioning. Use GitHub Apps to eliminate the need for machine users, and only grant access to the people who need it.
With GitHub branch protection, protect your code from unwanted modifications by preventing force pushes (and deletion) and requiring code reviews. With the new code owners feature in GitHub, you can easily automate the assignment of reviewers.
To learn more, watch the recording.