How to use the GitHub and JFrog integration for secure, traceable builds from commit to production
Connect commits to artifacts without switching tools.
Home / Enterprise software / DevSecOps
DevSecOps
DevSecOps guides about integrating security into every phase of enterprise software development. Learn how to implement security checks within your continuous integration and continuous deployment (CI/CD) pipelines, use automated tools to detect vulnerabilities early, and ensure compliance. Whether you’re new to DevSecOps or looking to deepen your expertise, we have you covered.
Featured
Enhance build security and reach SLSA Level 3 with GitHub Artifact Attestations
Learn how GitHub Artifact Attestations can enhance your build security and help your organization achieve SLSA Level 3. This post breaks down the basics of SLSA, explains the importance of artifact attestations, and provides a step-by-step guide to securing your build process.
Frenemies to friends: Developers and security tools
When socializing a new security tool, it IS possible to build a bottom-up security culture where engineering has a seat at the table. Let’s explore some effective strategies witnessed by the GitHub technical sales team to make this shift successful.
5 ways to make your DevSecOps strategy developer-friendly
Developers care about security, but poorly integrated tools and other factors can cause frustration. Here are five best practices to reduce friction.
Latest
How GitHub accelerates development for embedded systems
In a world where software and hardware is ubiquitous, GitHub can help enable secure development for mission-critical embedded systems.
How to mitigate OWASP vulnerabilities while staying in the flow
Explore how GitHub Advanced Security can help address several of the OWASP Top 10 vulnerabilities
Passwordless deployments to the cloud
Discovering passwords in our codebase is probably one of our worst fears. But what if you didn’t need passwords at all, and could deploy to your cloud provider another way? In this post, we explore how you can use OpenID Connect to trust your cloud provider, enabling you to deploy easily, securely and safely, while minimizing the operational overhead associated with secrets (for example, key rotations).
Securing and delivering high-quality code with innersource metrics
With innersource, it’s important to measure both the amount of innersource activity and the quality of the code being created. Here’s how.
GitHub Actions for security and compliance
GitHub Actions can automate several common security and compliance tasks, even if your CI/CD pipeline is managed by another tool.
Applying DevSecOps to your software supply chain
To best apply DevSecOps principles to improve the security of your supply chain, you should ask your developers to declare your dependencies in code; and in turn provide your developers with maintained ‘golden’ artifacts and automated downstream actions so they can focus on code.
Secure at every step: Putting DevSecOps into practice with code scanning
Integrating static analysis security testing into the developer workflow is hard. We discuss the challenges and how to overcome them
Secure at every step: A guide to DevSecOps, shifting left, and GitOps
When developers share the responsibility of security, perform security testing earlier in your development lifecycle, and use Git as a source of truth, you can help your development teams find and remediate security issues faster.
Achieving DevSecOps maturity with a developer-first, community-driven approach
GitHub provides the security capabilities to achieve Level 1 of the OWASP DevSecOps Maturity Model. In this post, we explore the principles of DSOMM Level 1 and how you can implement secret scanning, SCA, SAST and DAST using native tooling on GitHub.
How to build an effective DevSecOps culture
By prioritizing secure development alongside speed, DevSecOps helps you ship safer applications by making security part of your current DevOps pipeline.
Easier bug reporting using Marker.io for GitHub
Learn how you can streamline your bug reporting and issue reviewing workflows from the CEO and Co-founder of Marker.io, Gary Gapsar.
The world's largest developer platform
GitHub
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
The GitHub Podcast
Catch up on the GitHub podcast, a show dedicated to the topics, trends, stories and culture in and around the open source developer community on GitHub.