Скачать или смотреть Shift left the right way: Practical security integration with Angela Wen | Beyond the Commit

What does it truly mean to "Shift Left" security effectively in modern development? Angela Wen joins Beyond the Commit to discuss practical strategies for integrating security early in the SDLC. Before we look at tools, we need to ensure we're meeting our developers where they are and at the right time. Explore how to best incorporate GitHub tools like code scanning (CodeQL), Copilot autofix, and secret scanning to empower developers to find and fix vulnerabilities sooner, in their existing workflow.

#GitHub #Security #SoftwareDevelopment

— CHAPTERS —

00:00 Intro & What is Shift Left
00:47 Shift Left in Software & Security
01:24 Developer Challenges with Security
02:51 Developer Experience in Shift Left
03:46 Industry-wide Shift Left Issues
05:11 Tools to Write Secure Code
06:20 AI-Powered Autofix Suggestions
07:20 Handling Existing Vulnerabilities
08:56 Secret Scanning & Push Protection
09:47 Final Reflections & Takeaways

Continue the journey:

Explore more about the episode: https://gh.io/btc-s1-e6
What is DevSecOps?: https://gh.io/btc-what-is-devsecops
Best practices for participating in a security campaign: https://gh.io/btc-security-campaigns
Finding leaked passwords with AI: How we built Copilot secret scanning: https://gh.io/btc-find-leaked-passwords
Why application security tools fail and how DevSecOps fixes security debt: https://gh.io/btc-fix-security-debt

Stay up-to-date on all things GitHub by subscribing and following us at:
YouTube: http://bit.ly/subgithub
Blog: https://github.blog
X:   / github  
LinkedIn:   / github  
Instagram:   / github  
TikTok:   / github  
Facebook:   / github  

About GitHub:
It’s where over 100 million developers create, share, and ship the best code possible. It’s a place for anyone, from anywhere, to build anything—it’s where the world builds software. https://github.com