Good DevOps really needs to be good DevSecOps. But how do you get started? To be clear, there's no silver bullet. Doing things right requires a change in your company's culture: a culture that embraces security and changes how solutions are delivered by "shifting left", one that embraces agile practices and empowers everyone to do the right thing.
GitHub cares about your code. They care about your apps. And they know building awesome apps means they are secure. But how do you get started? In this hands-on workshop, you'll get direct experience with the current state of the art in building a "cloud native solution" where you can apply DevSecOps principles and best practices using GitHub Cloud with GitHub Codespaces.
While this hands-on lab is focused primarily on .NET applications, Brian and the team will cover general practices for all apps and supporting components. You'll learn from the beginning about GitHub security and the core workflow of getting code from a developer to a deployed environment in Microsoft Azure. You'll start by learning about the different flavors and versions of GitHub's offerings, both free and paid, with a focus on the cloud. You'll learn critical aspects of getting an enterprise configured and running on GitHub, including organizations, adding users, choosing directory authentication, teams, and more.
They'll cover defining your repo strategy, including public, private, and internal visibility. And of course, they'll cover repo settings around security, branch protection, and more. They'll dig into pull requests, best practices, and how to manage the notification madness for a busy GitHub user.
Beyond the code, they'll cover GitHub Issues and the new GitHub Projects feature to help you track work. Later, they'll dig into GitHub Actions for CI/CD and GitHub workflow automation. Finally, they'll dig into GitHub's various features for helping you produce better, more secure code by looking at Dependabot, GitHub secret scanning, and CodeQL.
All through the day you'll get information and get to try things out using your web browser, GitHub Codespaces, and Azure. By the end of the workshop, you should be ready to encourage your organization to do more and have a DevSecOps practice, built on GitHub.
You will learn:
- How to manage your code and assets with GitHub
- How to build a cloud native app using GitHub Codespaces
- How to build and release with GitHub to Azure
- You will need a personal GitHub account already created by you (they're free!). This will need to be provided to the conference staff before July 12. If you don’t have one, go to https://github.com/signup
- You will need experience with basic C# coding.
- You must provide your own laptop computer (Windows or Mac) for this hands-on lab that can connect to the conference Wi-Fi. In addition, we'll be testing our labs on Windows 10 and 11, and macOS Big Sur and Monterey. While older operating systems may work fine, we can't test them all. While it may be possible to use an iPad, an Android tablet, or a Linux computer, we will not be testing on those devices or operating systems.
- You must use a modern browser like Microsoft Edge or Google Chrome. See https://docs.github.com/en/get-started/using-github/supported-browsers for the current supported list of browsers.
- Using your supported browser, you'll need to be able to connect to sites including (but NOT limited to) github.com, azure.com, nuget.org, and azurewebsites.net. VPNs and proxies can cause issues. We'll do our best, but it's up to you to bring a computer that lets you access the necessary sites.
If you want to go off-road a bit, and follow along with your instructor, you'll want the following tools installed on your computer: