⚡ Lightning Talk: Securing Your Source Repositories - 5 Tips to Get Started!

Authors:   Billy Lynch


Summary

The presentation discusses five tips for getting started with securing source repositories:
  • Enable two-factor authentication to protect your account
  • Protect branches with two-party review and required security checks
  • Use Dependabot to automate update workflows and keep dependencies current
  • Sign your commits using GPG, SSH, or X.509
  • Use scoped credentials to reduce exposure and protect your repository
The speaker emphasizes the importance of signing and verifying git commits with the same level of rigor as binary artifacts, because commits are the inputs to CI pipelines and GitOps workflows. He recommends tools such as gitsign to sign commits and reduce the window for tampering.

Abstract

Source Repositories are a critical piece of your software supply chain - they can hold deployment configs, application code, and much more! In this talk we'll cover key basics for getting started with securing repositories, how you can enable them in your own organizations, and next steps you can take.