Empowering DevSecOps: GitHub-Azure Authentication and SLSA in DevOps
Details
Exciting news! DevSecCon London is hosting Marcel Lupo, Microsoft MVP, Cloud Solutions & DevOps Architect and technical speaker, and Joshua Lock, Open Source Software Supply Chain Security Architect at Verizon. Marcel will discuss GitHub Actions authentication methods for Azure, compare two approaches, and highlight the benefits of switching to a passwordless method using OpenID Connect (OIDC). Joshua will introduce SLSA principles and their application in DevSecOps processes and systems, discuss the threat model guiding SLSA, explain SLSA's security levels, and provide insight into the open source project's future plans and how you can contribute.
Location (hybrid): https://www.youtube.com/watch?v=SPCGkOPwCGw
In-person: Snyk London office, 97 Hackney Rd, London E2 8ET
Remote: TBC
Agenda:
6:00 PM: in-person doors open
6:30 PM: Session kicks off + Live stream (Virtual viewers join in)
- Session one: Passwordless authentication between GitHub and Azure using federated credentials by Marcel Lupo
- Session two: SLSA, more than just a garnish for your pipelines by Joshua Lock
8:00 PM: That's a wrap, more drinks and networking for those attending in person
9:00 PM: In-person event ends, doors closed
Session one: Passwordless authentication between GitHub and Azure using federated credentials by Marcel Lupo
Ever wondered how you can authenticate GitHub Actions with Azure? In this talk we look at GitHub Actions authentication methods for Azure, two ways that you can accomplish this, and why you’d want to switch to the passwordless method using OpenID Connect (OIDC) instead.
Session two: SLSA, more than just a garnish for your pipelines by Joshua Lock
In this talk Joshua will introduce the SLSA project. He will cover: the SLSA principles, including how they are useful principles across DevSecOps processes and systems; look at the threat model which guides SLSA work; introduce SLSA's security levels; and conclude with a brief summary of the open source project, future plans, and how you can get involved.
***
Join the Community!
If you haven't joined the Discord community, please do so! You can find us on Discord at: https://devseccon.io/discordcommunity
Speakers:
Marcel Lupo, Microsoft MVP | Speaker | Cloud Solutions & DevOps Architect.
Marcel is a Microsoft MVP, Cloud Solutions & DevOps Architect and technical speaker focused on Microsoft technologies in the Azure cloud platform and specialises particularly in Automation, DevOps and Developer Technologies, with a strong focus on IaC, Azure DevOps and GitHub.
Marcel is passionate about technology and how it can be used in automation to bring value and solve complex business problems.
He is a regular speaker at conferences and meetups, and enjoys sharing knowledge and technical content with the wider tech community. He currently works at Avanade UK&I as a Group Manager for DevOps Engineering.
Joshua Lock, Open Source Software Supply Chain Security
Joshua is a versatile software engineer and open source professional with leadership roles in several open source projects. He has 15 years' experience working on tools to build complex software systems deterministically and securely. He is passionate about building systems and software supply chain security.
He is a steering committee member and specification maintainer on the Supply-chain Levels for Software Artifacts (SLSA) project, The Update Framework (TUF) specification editor and implementation maintainer for python-tuf and go-tuf, a contributor and root keyholder for Sigstore, and a friend of in-toto.
Emeritus core contributor to all aspects of OpenEmbedded and the Yocto Project.

