Scoring your project’s security
source link: https://changelog.com/shipit/94
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Brought to you by
Autumn and Justin are joined by Chris Swan to discuss tech industry trends like AI and sustainability, gamifying the software development process and motivating devs to write more secure code, OpenSSF Scorecards and how they offer a way to measure and improve the security and compliance of GitHub repos, the scoring system, and the security posture of a repository.
- 84 minutes
- Recorded Feb 29, 2024
- Published Mar 9, 2024
- Download (81MB)
- Transcript
- 🎧 428
Sponsors
Synadia – Take NATS to the next level via a global, multi-cloud, multi-geo and extensible service, fully managed by Synadia. They take care of all the infrastructure, management, monitoring, and maintenance for you so you can focus on building exceptional distributed applications.
Sentry – Launch week! New features and products all week long (so get comfy)! Tune in to Sentry’s YouTube and Discord daily at 9am PT to hear the latest scoop. Too busy? No problem - enter your email address to receive all the announcements (and win swag along the way). Use the code CHANGELOG
when you sign up to get $100 OFF the team plan.
Fly.io – The home of Changelog.com — Deploy your apps and databases close to your users. In minutes you can run your Ruby, Go, Node, Deno, Python, or Elixir app (and databases!) all over the world. No ops required. Learn more at fly.io/changelog and check out the speedrun in their docs.
Notes & Links
Links of the week
Person, place, thing, || null
- Linux - person (Linus Torvalds)
- git - person (Linus Torvalds)
- Kubernetes - thing (helmsman)
- Algorithms - person (Al-Khwarizmi, Persian mathmetition)
- Trojan Horse - place (Troy)
- Bluetooth - person (Harold Bluetooth, Denmark king)
- Hadoop - thing (kids elephant toy)
- Venn diagram - person (John Venn)
- MySQL - person (My Widenius)
- Debian - person (Deb and Ian)
- Neon - Greek neon meaning new
Chapters
1 | 00:00 |
This is Ship It! |
2 | 00:32 |
The opener |
3 | 13:25 | |
4 | 17:11 |
Welcome Chris Swan! |
5 | 17:56 |
What is Open SFF? |
6 | 18:49 |
What are scorecards? |
7 | 20:09 |
Gameifying your dev process |
8 | 22:58 |
Simplifying security assurance |
9 | 24:34 |
What permissions does it need? |
10 | 26:49 |
Versioning scorecards |
11 | 28:39 |
Promoting security norma |
12 | 30:14 |
Justin tries the scorecard |
13 | 34:21 |
Easy open source contributions |
14 | 37:09 |
Good docs are important |
15 | 39:49 |
Building confidence |
16 | 40:37 |
Scorecards and the supply chain |
17 | 43:20 |
Signed artifacts |
18 | 45:20 |
Tool maintenance and regulation |
19 | 47:27 |
Maintainer attention |
20 | 55:15 |
Open SFF's great community |
21 | 56:20 |
How to get involved |
22 | 1:02:24 |
Thank you for joining us! |
23 | 1:03:08 | |
24 | 1:08:19 |
The ender |
25 | 1:23:03 |
Outro |
Transcript
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK