{"id":2633,"date":"2018-08-29T12:13:15","date_gmt":"2018-08-29T16:13:15","guid":{"rendered":"https:\/\/solutionsreview.com\/cloud-platforms\/?p=2633"},"modified":"2018-08-29T12:32:15","modified_gmt":"2018-08-29T16:32:15","slug":"github-security","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/cloud-platforms\/github-security\/","title":{"rendered":"The Best Ways to Increase Security When Using GitHub"},"content":{"rendered":"<p style=\"text-align: justify\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2634\" src=\"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/08\/barb.jpg\" alt=\"github security\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/08\/barb.jpg 800w, https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/08\/barb-300x150.jpg 300w, https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/08\/barb-768x384.jpg 768w, https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/08\/barb-540x270.jpg 540w, https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/08\/barb-162x81.jpg 162w, https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/08\/barb-360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><br \/>\nThe modern IT space has completely changed the way developers approach writing code. The demand for faster releases and updates lead many to harness public repositories like <a href=\"https:\/\/github.com\/\" target=\"_blank\" rel=\"noopener\">GitHub<\/a>.<\/p>\n<p style=\"text-align: justify\">GitHub users store and manage source code for easy access. It also provides an easy to use dashboard for users to find their ideal code or applications. Unfortunately, public repositories introduce a variety of new vulnerabilities.<\/p>\n<p style=\"text-align: justify\">Due to GitHub\u2019s popularity, we\u2019ve decided to focus on them for this article. These tips apply to any public repository one may use.<\/p>\n<div class=\"widget\"><div class=\"aside-card\">\t\t\t<div class=\"textwidget\"><p><a class=\"msp-speedbump\" title=\"Download link to Managed Service Providers Buyers Guide\" href=\"https:\/\/solutionsreview.com\/cloud-platforms\/managed-service-provider-buyers-guide\/\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-1682\" src=\"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/07\/Managed-Service-Providers-Speedbump-1.jpg\" alt=\"Download Link to Managed Service Providers Buyers Guide\" width=\"771\" height=\"170\" \/><\/a><\/p>\n<\/div>\n\t\t<\/div><\/div>\n<h5 style=\"text-align: justify\"><strong>Casual Access <\/strong><\/h5>\n<p style=\"text-align: justify\">Many issues come from developers being too casual while using GitHub. Due to its public nature, organizations often deal with unauthorized access. Some developers gain access from personal email accounts, which can be easier to hack into. This also introduces access risk when an employee leaves the company.<\/p>\n<p style=\"text-align: justify\">Additionally, access management becomes lackadaisical when developers gain access to every repository, rather than their specific focus. To ensure security in this regard, identity access management tools come in handy.<\/p>\n<p style=\"text-align: justify\">Managed service providers (MSP) help customers set up who can access what. They can also provide users with monitoring tools, fully managed by the MSP.<\/p>\n<p style=\"text-align: justify\">Mark Brooks of <a href=\"https:\/\/www.alertlogic.com\/\" target=\"_blank\" rel=\"noopener\">Alert Logic<\/a> stated in <a href=\"https:\/\/solutionsreview.com\/cloud-platforms\/container-security-concerns\/\" target=\"_blank\" rel=\"noopener\">our recent interview:<\/a><\/p>\n<p style=\"text-align: justify\">\u201cPublic repositories tend to introduce a long tail of inherited vulnerabilities that increase a customer\u2019s attack surface. DevOps and security teams should run internal and external vulnerability scans and reports to monitor on-premises, hosted and cloud environments with continuous updates to more than 92,000 Common Vulnerabilities and Exposures (CVEs) in software and certain network components.\u201d<\/p>\n<h5 style=\"text-align: justify\"><strong>Security Checks<\/strong><\/h5>\n<p style=\"text-align: justify\">GitHub users must always maintain security best practices. It cannot be a simple one-step process where code is checked and approved. Consistent monitoring of stored code alerts users to logins from unusual locations, abnormal changes in stored code, and more.<\/p>\n<p style=\"text-align: justify\">GitHub logs must be collected to ensure consistency. Furthermore, users must develop a multistep process for maintaining security.<\/p>\n<p style=\"text-align: justify\">Kris Raney from <a href=\"https:\/\/www.ixiacom.com\/\" target=\"_blank\" rel=\"noopener\">Ixia<\/a> and Keysight Technologies <a href=\"https:\/\/solutionsreview.com\/cloud-platforms\/state-of-container-security\/\" target=\"_blank\" rel=\"noopener\">told us:<\/a><\/p>\n<p style=\"text-align: justify\">&#8220;First, you need to be sure you\u2019re confident in what you\u2019re getting. And don\u2019t just do these checks up front, they need to be built into your automation so that they keep happening as updates happen and things change.<\/p>\n<p style=\"text-align: justify\">Second, you should trust but verify. There are occurrences throughout the history of the industry where despite all the checks, a compromised executable makes it into a \u201cverified\u201d payload.<\/p>\n<p style=\"text-align: justify\">You don\u2019t want to think of your checks in binary terms. \u201cThis passed the checks,\u201d dust off your hands, \u201cdone deal.\u201d Instead, you should think of it in layers and probabilities. We verified the image, so that lowers the probability of compromise. Then we\u2019re going to watch the behavior, and that lowers the probability some more. You never get it completely to zero. But the more things you do, the lower the probability gets.&#8221;<\/p>\n<h5 style=\"text-align: justify\"><strong>Container Resources<\/strong><\/h5>\n<p style=\"text-align: justify\">Many IT teams see containers and Kubernetes as a necessary tool to optimize workloads.\u00a0<a href=\"https:\/\/solutionsreview.com\/cloud-platforms\/kubernetes-worloads\/\">Containers make the development pipeline much simpler<\/a>. It also allows developers to have an extensive community to work with, as Kubernetes is open source and there are components throughout other development libraries.<\/p>\n<p style=\"text-align: justify\">Containers are notoriously difficult to manage internally. Furthermore, they can difficult to implement at all without the right expertise. Using public repositories increases the difficulty and risk.<\/p>\n<p style=\"text-align: justify\">Managed service providers can build personalized container management tools, so enterprises don\u2019t have to worry. Each enterprise wants different functionality for container workloads, but each must maintain security to maintain value. MSPs manage security maintenance so developers can focus on developing.<\/p>\n<p style=\"text-align: justify\"><a href=\"https:\/\/divvycloud.com\/\" target=\"_blank\" rel=\"noopener\">DivvyCloud<\/a> CEO, Brian Johnson, <a href=\"https:\/\/solutionsreview.com\/cloud-platforms\/container-security-divvycloud\/\" target=\"_blank\" rel=\"noopener\">discussed container security concerns with us:<\/a><\/p>\n<p style=\"text-align: justify\">\u201cIf the concern is that a container in a public repository has been compromised, developers can create sha256 hash sums of their containers and share the hash through their website. If the worry is that a docker \u201cprivate\u201d repository would be accessible to someone who doesn\u2019t have access, then I would highly recommend exploring two-factor options.\u201d<\/p>\n<div class=\"widget\"><div class=\"aside-card\">\t\t\t<div class=\"textwidget\"><p><a class=\"msp-speedbump\" title=\"Download link to Managed Service Providers Buyers Guide\" href=\"https:\/\/solutionsreview.com\/cloud-platforms\/managed-service-provider-buyers-guide\/\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-1682\" src=\"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/07\/Managed-Service-Providers-Speedbump-1.jpg\" alt=\"Download Link to Managed Service Providers Buyers Guide\" width=\"771\" height=\"170\" \/><\/a><\/p>\n<\/div>\n\t\t<\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>The modern IT space has completely changed the way developers approach writing code. The demand for faster releases and updates lead many to harness public repositories like GitHub. GitHub users store and manage source code for easy access. It also provides an easy to use dashboard for users to find their ideal code or applications. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2634,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[2],"tags":[750,805,809,115,837,782,455,793,795,651,79],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>The Best Ways To Increase Security When Using Github<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/cloud-platforms\/github-security\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Doug Atkinson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/github-security\/\",\"url\":\"https:\/\/solutionsreview.com\/cloud-platforms\/github-security\/\",\"name\":\"The Best Ways To Increase Security When Using Github\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/github-security\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/github-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/08\/barb.jpg\",\"datePublished\":\"2018-08-29T16:13:15+00:00\",\"dateModified\":\"2018-08-29T16:32:15+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/#\/schema\/person\/5992f02d38e7b28251ad933cd131dcae\"},\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/github-security\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/cloud-platforms\/github-security\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/github-security\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/08\/barb.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/08\/barb.jpg\",\"width\":800,\"height\":400,\"caption\":\"github security\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/github-security\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/cloud-platforms\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The Best Ways to Increase Security When Using GitHub\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/#website\",\"url\":\"https:\/\/solutionsreview.com\/cloud-platforms\/\",\"name\":\"Cloud Platforms &amp; Infrastructure Services | Solutions Review\",\"description\":\"Evaluating Hyperscale Cloud Providers, Hybrid IaaS, PaaS &amp; Cloud Management Tools.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/cloud-platforms\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/#\/schema\/person\/5992f02d38e7b28251ad933cd131dcae\",\"name\":\"Doug Atkinson\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/cloud-platforms\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/092cfcbe5c7f2c185c21f152aada2d2f?s=96&d=blank&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/092cfcbe5c7f2c185c21f152aada2d2f?s=96&d=blank&r=g\",\"caption\":\"Doug Atkinson\"},\"description\":\"An entrepreneur and executive with a passion for enterprise technology, Doug founded Solutions Review in 2012. He has previously served as a newspaper boy, a McDonald's grill cook, a bartender, a political consultant, a web developer, the VP of Sales for e-Dialog - a digital marketing agency - and as Special Assistant to Governor William Weld of Massachusetts.\",\"sameAs\":[\"https:\/\/solutionsreview.com\"],\"url\":\"https:\/\/solutionsreview.com\/cloud-platforms\/author\/doug-atkinson-4\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The Best Ways To Increase Security When Using Github","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/cloud-platforms\/github-security\/","twitter_misc":{"Written by":"Doug Atkinson","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/cloud-platforms\/github-security\/","url":"https:\/\/solutionsreview.com\/cloud-platforms\/github-security\/","name":"The Best Ways To Increase Security When Using Github","isPartOf":{"@id":"https:\/\/solutionsreview.com\/cloud-platforms\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/cloud-platforms\/github-security\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/cloud-platforms\/github-security\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/08\/barb.jpg","datePublished":"2018-08-29T16:13:15+00:00","dateModified":"2018-08-29T16:32:15+00:00","author":{"@id":"https:\/\/solutionsreview.com\/cloud-platforms\/#\/schema\/person\/5992f02d38e7b28251ad933cd131dcae"},"breadcrumb":{"@id":"https:\/\/solutionsreview.com\/cloud-platforms\/github-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/cloud-platforms\/github-security\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/cloud-platforms\/github-security\/#primaryimage","url":"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/08\/barb.jpg","contentUrl":"https:\/\/solutionsreview.com\/cloud-platforms\/files\/2018\/08\/barb.jpg","width":800,"height":400,"caption":"github security"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/cloud-platforms\/github-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/cloud-platforms\/"},{"@type":"ListItem","position":2,"name":"The Best Ways to Increase Security When Using GitHub"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/cloud-platforms\/#website","url":"https:\/\/solutionsreview.com\/cloud-platforms\/","name":"Cloud Platforms &amp; Infrastructure Services | Solutions Review","description":"Evaluating Hyperscale Cloud Providers, Hybrid IaaS, PaaS &amp; Cloud Management Tools.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/cloud-platforms\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/cloud-platforms\/#\/schema\/person\/5992f02d38e7b28251ad933cd131dcae","name":"Doug Atkinson","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/cloud-platforms\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/092cfcbe5c7f2c185c21f152aada2d2f?s=96&d=blank&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/092cfcbe5c7f2c185c21f152aada2d2f?s=96&d=blank&r=g","caption":"Doug Atkinson"},"description":"An entrepreneur and executive with a passion for enterprise technology, Doug founded Solutions Review in 2012. He has previously served as a newspaper boy, a McDonald's grill cook, a bartender, a political consultant, a web developer, the VP of Sales for e-Dialog - a digital marketing agency - and as Special Assistant to Governor William Weld of Massachusetts.","sameAs":["https:\/\/solutionsreview.com"],"url":"https:\/\/solutionsreview.com\/cloud-platforms\/author\/doug-atkinson-4\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/posts\/2633"}],"collection":[{"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/comments?post=2633"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/posts\/2633\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/media\/2634"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/media?parent=2633"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/categories?post=2633"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/cloud-platforms\/wp-json\/wp\/v2\/tags?post=2633"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}