The presentation discusses the importance of securing code repositories and how to detect and prevent threats using CNCF's Falco.
- Code repositories are a prime target for attacks and face several categories of threats, such as secrets being pushed, GitHub Actions being run with miners, and a private repository being mistakenly published.
- Falco is a runtime security tool that traditionally protects containers and pods in Kubernetes but now has a GitHub plugin to provide real-time runtime security for GitHub repositories.
- Falco listens on containerized, Kubernetes-based endpoints and captures signals such as system calls to detect suspicious behavior and raise alerts.
- Falco's rule engine is simple and customizable, allowing users to add their own rules to detect specific threats.
- Falco is free, open-source, and can be helpful in securing code repositories.
- The presenter invites attendees to a Falco party and a session with Falco developers to learn more about the tool.
The presenter shared a personal experience of mistakenly publishing a private repository and the unpleasant feeling that came with it. Falco was presented as a solution to detect and prevent such mistakes.
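As an added illustration (not taken from the presentation or from the Falco project's shipped rule files), custom rules for the three threat categories listed above could look like the following. The `github.*` field names are assumed from the GitHub plugin's published field list and should be checked against the plugin version in use.

```yaml
# Added example: custom Falco rules for the GitHub plugin event source.
# Assumption: the github.* fields below match the installed plugin version.

- rule: Private repository made public
  desc: A repository's visibility changed from private to public
  condition: github.type = public
  output: >
    Repository made public (repository=%github.repo owner=%github.owner
    org=%github.org user=%github.user)
  priority: CRITICAL
  source: github
  tags: [github]

- rule: Secret pushed to a public repository
  desc: A push to a public repository contains something that looks like a credential
  condition: >
    github.type = push
    and github.diff.has_secrets = true
    and github.repo.public = true
  output: >
    Secret pushed to public repository (repository=%github.repo
    user=%github.user secret_types=%github.diff.committed_secrets.desc
    file=%github.diff.committed_secrets.files)
  priority: CRITICAL
  source: github
  tags: [github]

- rule: GitHub Actions workflow runs a miner
  desc: A workflow run references a known miner
  condition: >
    github.type = workflow_run
    and github.workflow.has_miners = true
  output: >
    Workflow with miner executed (repository=%github.repo user=%github.user
    workflow=%github.workflow.filename miner=%github.workflow.miners.type)
  priority: CRITICAL
  source: github
  tags: [github]
```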