Skip to main content

LinuxFoundationX: GitHub Supply Chain Security Using GitGat

GitHub is one of the most popular SCM (source control management) systems in the world and is used by millions of open source developers. Take the first steps in securing your GitHub repositories with GitGat

GitHub Supply Chain Security Using GitGat
7 weeks
1–2 hours per week
Progress at your own speed
Optional upgrade available

There is one session available:

After a course session ends, it will be archivedOpens in a new tab.
Starts Feb 28
Ends Apr 17

About this course

Skip About this course

Source code management systems are where code, ci-scripts, and Infrastructure as Code (IaC) scripts are stored and managed. That means that properly protecting the SCM is an important step towards securing the software supply chain, and specifically - securing your code. In this course, you will gain an understanding of these categories, why they are important, and how to implement the security controls in GitHub. We’ll use the open source GitGat security report as a guide to the needed security steps. We’ll then see how to use GitGat to set a continuous security audit that takes the current state into account. Finally, we’ll peek under the hood to understand OPA (Open Policy Agent), Gitgat’s underlying technology.

The course is for anyone who has a GitHub account, manages repositories on GitHub, or is responsible for securing such repositories or accounts. The course could fit both hobbyists and professionals who manage GitHub organizations. In addition, the “under the hood” sections could be of interest to developers who are interested in OPA-based projects.

At a glance

  • Institution: LinuxFoundationX
  • Subject: Computer Science
  • Level: Introductory
  • Prerequisites:
    • Learners should have access to a Linux\Mac OS\WSL terminal, capable of running Docker and pulling public Docker images.
    • Familiarity with Linux command line
    • It is recommended to have git installed as well
  • Language: English
  • Video Transcript: English
  • Associated skills:Information Technology Security Auditing, Open Source Technology, Supply Chain Management, Supply Chain, Github, Open Policy Agent, Infrastructure as Code (IaC), Supply Chain Security, Version Control, Security Controls

What you'll learn

Skip What you'll learn
  • Correctly assess your own\your organization’s GitHub account security posture using the Gitgat open-source tool
  • Set up basic GitHub security posture, whether you’re an individual or run a GitHub organization
  • Set up the state for the GitGat project and know how to set up a continuous security audit of your repositories
  • Welcome to LFD122x!
  • Ch 1. Why should we care about GitHub security posture
  • Ch 2. The GitGat security report
  • Ch 3. Access control
  • Ch 4. Permissions
  • Ch 5. Branch Protections
  • Ch 6. File Modification Tracking
  • Ch 7. Incorporating State and continuous security-posture monitoring.
  • Ch 8. Under the hood 1: Rego and OPA basics
  • Ch 9. Under the hood 2: understanding the Gitgat project
  • Final Exam (verified track only)

Who can take this course?

Unfortunately, learners residing in one or more of the following countries or regions will not be able to register for this course: Iran, Cuba and the Crimea region of Ukraine. While edX has sought licenses from the U.S. Office of Foreign Assets Control (OFAC) to offer our courses to learners in these countries and regions, the licenses we have received are not broad enough to allow us to offer this course in all locations. edX truly regrets that U.S. sanctions prevent us from offering all of our courses to everyone, no matter where they live.

Interested in this course for your business or team?

Train your employees in the most in-demand topics, with edX For Business.