GitHub at BSides San Diego

As proud platinum sponsors of this year's event, we can't wait to connect with you!

From code scanning, secret scanning and supply chain security, we have you covered. GitHub Advanced Security is built to optimize the developer experience through automation. It helps your teams identify and fix reported security issues quickly and efficiently by integrating security into every step of the developer workflow.

Swing by our booth to see it in action, snag some exclusive swag, and catch our speaking session. Plus, if you're seeking personalized attention, simply complete the form below, and we'll reach out to schedule a one-on-one discussion. Don't miss this opportunity to immerse yourself in the latest trends and innovations in cybersecurity. See you at BSidesSD 2024! 🚀

Speaking Session

How to accidentally host a crypto-mining operation in less than 3 minutes

Public GitHub repositories are a gold mine for credential thieves. In fact, it takes only 3 minutes for AWS tokens written to public repositories to be stolen by crypto-mining bots. Once they have those tokens, your infrastructure quickly becomes their mining operation.

However, AWS tokens are only one of many types of credentials leaked every day. At GitHub, we see this problem as a fundamental risk to the open source software supply-chain.

In this session, we’ll share how GitHub is stopping credentials from being published to public repositories. We’ll talk about the most common types of secrets we see on our platform, how they’re leaked, and how you can identify and prevent them from being stored in plain-text in your environment.

Join us to learn how we can all work together to put a stop to secret leaks and protect the open source ecosystem from security breaches.