Teri Radichel

Git, GitHub, and AWS CodeCommit Security

Stories about securing git, GitHub, and your code

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

⚙️ Part of my series on Automating Cybersecurity Metrics. The Code.

🔒 Related Stories: GitHub Security | Application Security | Secure Code

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Preventing GitHub data breaches and security incidents:

Use Code Scanning in GitHub to find security flaws.

Use credential.helper cache options to protect credentials used with git.

Add a repository to your Ubuntu instance to get a more recent version of git than the default at the time I wrote this post.

If for some reason you can’t get the latest version of git from the git repository, you can build it from the source in GitHub.

Consider how developers will access source control and deployment tools.

Setting up a GitHub Enterprise and Organizations.

Using Personal Access Tokens With an Organization.

Limiting access to specific IP addresses in GitHub. In this case, I am using an elastic IP address deployed in AWS (a static IP address).

Using prefix lists to define a list of GitHub IPs you can use in firewall rules.

And…fixing it after the Microsoft API apparently changed.

Shared code repositories in organizations to enforce code compliance and reduce time to deploy secure applications.

A related post showing how you can use my code (which you can’t directly change in my repository) in your own code base. Organizations can use this method to provide secure and compliant code developers can incorporate into their own applications.

Separation of Duties on GitHub

Keeping credentials out of GitHub when programs need them to perform actions at run time.

I wanted to automate the process of creating a static website on AWS S3. Automating the GitHub repository creation is one of the steps.

Populating a repository with files from an AWS S3 bucket.

GitHub Actions ~ components and threat modeling

Other ways to trigger deployments with integrity checking and backups

I had to fix my Python version and configuration on AWS EC2 to get MFA working with AWS CodeCommit.

Creating a Lambda function and network that can access GitHub Cloud

GuardRails in GitHub. I tried it out because I know one of the founders of this company (a very nice guy). Full disclosure, I did get paid and they sponsored my blog in the process. The concept of preventing mistakes before they get to production is great! This is one way to do it.

Error messages and troubleshooting with git, GitHub, and CodeCommit:

Teri Radichel | © 2nd Sight Lab 2023

About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight Lab