
Enhancing Organizational Security with GitHub Auditor
"Learn how GitHub Auditor provides CSOs and CTOs with valuable insights into GitHub organizations, enabling proactive security measures. Real-time alerts, API integrations, and advanced authentication mechanisms make this project valuable for managing multiple organizational accounts efficiently."
Presentation Transcript
Xenon Partners // UCSB CS-189 Capstone Proposal
Organizational Security Dashboard
Friday, 1 October 2021
donnie@xenon.io
jason.gilmore@xenon.io
About Donnie Hasseltine
Donnie Hasseltine serves as CSO of Xenon Partners and General Manager of PackageCloud. Prior to joining Xenon Partners, he served as a Marine Corps officer for 22 years with combat service in Kosovo, Iraq, and Afghanistan. Donnie currently serves as the Information Technology Sector Chief for the Bay Area Chapter of InfraGard, a public-private partnership with the FBI to protect U.S. critical infrastructure. He is a board member of the Marine Reconnaissance Foundation and the Athena Leadership Project, and is a team mentor for Stanford University's annual Hacking4Defense course. https://www.linkedin.com/in/george-d-hasseltine/
About Jason Gilmore
Jason Gilmore serves as CTO of DreamFactory Software and is a Principal at Xenon Partners. Prior to joining Xenon Partners, Jason led software teams in the telecom, publishing, environmental, and interior design industries. He is the author of nine books, including the bestselling "Beginning PHP and MySQL", "Easy Laravel 5", and "Easy E-Commerce with Laravel and Stripe". Jason is cofounder of the popular CodeMash Conference, a multi-disciplinary software conference held in one of the country's largest indoor water parks. Away from his keyboard he's probably thinking about software. https://www.linkedin.com/in/wjgilmore/
Project Proposal
The Problem: CSOs, CTOs, and departmental managers do not possess sufficient insight into GitHub organizations, particularly when a company relies upon multiple organizations.
Case Study: Xenon Partners manages a portfolio of 9 companies. Each company separately manages a GitHub organization. The CSO and portfolio company CTOs do not possess a simple means to audit and proactively respond to potential security issues, due to a lack of easy insight into issues such as 2FA, pending subscription renewals, third-party contributions, etc.
Enter GitHub Auditor
GitHub Auditor is an umbrella dashboard that presents insights into one or more organizational accounts, reporting on items such as:
- 2FA requirement
- Outside contributors
- Dependabot alerts
- Pull requests lacking an assigned reviewer
- Repositories that contain sensitive information such as API keys or passwords
Alerts can be configured to notify pertinent parties about potential issues.
Why is this Project Cool?
- Dashboards!
- API integrations!
- Real-time alerts sent to email and Slack!
- Text processing (and possibly ML)!
- Security and advanced authentication (OAuth and API keys)!
- Popular developer platforms like GitHub and AWS!
Other Potential Integrations
Depending on the progress and timeline, there are multiple other potential integrations that would be helpful for security oversight:
- SSL/TLS/cipher verification checks
- Tie a repository to its deployment if it is a website or web application
- Domain status
- Email security (SPF/DMARC/DKIM)
- Google Workspace (MFA adoption, password policy)
Project Communications
- Dedicated Slack channel
- Periodic Zoom-based check-ins
- Asynchronous architectural and code reviews
Addendum: Implementation Ideas
- Web framework like Laravel or Ruby on Rails
- Database like MySQL
- Redis for job queues
- GitHub OAuth (or API key)
- GitHub API
- Mailgun or similar for transactional emails
- Something (Python) for text processing in order to audit code for API keys
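The checks listed on the "Enter GitHub Auditor" slide, combined with the Python text-processing idea above, as an added example that is not part of the proposal or of any GitHub Auditor code. The sample payloads are constructed here; their field names (two_factor_requirement_enabled, requested_reviewers, state, security_advisory.severity) follow the GitHub REST API shapes for organizations, pull requests and Dependabot alerts, and audit_org and SECRET_PATTERNS are names chosen for this example.

```python
import re

# Constructed sample data in the shape of GitHub REST API responses
# (field names as in the API; every value here is made up for this example).
ORG = {"login": "example-org", "two_factor_requirement_enabled": False}
OUTSIDE_COLLABORATORS = [{"login": "contractor-1"}, {"login": "contractor-2"}]
DEPENDABOT_ALERTS = [
    {"state": "open", "security_advisory": {"severity": "critical"}},
    {"state": "open", "security_advisory": {"severity": "low"}},
    {"state": "fixed", "security_advisory": {"severity": "high"}},  # already resolved
]
PULL_REQUESTS = [
    {"number": 41, "requested_reviewers": [{"login": "alice"}]},
    {"number": 42, "requested_reviewers": []},  # nobody assigned to review
]
REPO_FILES = {  # path -> file contents; the key below is AWS's documented example key
    "config/settings.py": 'AWS_KEY = "AKIAIOSFODNN7EXAMPLE"\nDEBUG = True\n',
    "README.md": "# Example service\n",
}

# Patterns for secrets that should never be committed; checked line by line.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}


def audit_org(org, outside_collaborators, dependabot_alerts, pull_requests, repo_files):
    """Return (severity, message) findings for one organization, one per issue found."""
    findings = []
    if not org.get("two_factor_requirement_enabled"):
        findings.append(("high", f"{org['login']}: 2FA is not required for members"))
    for user in outside_collaborators:
        findings.append(("info", f"outside collaborator: {user['login']}"))
    for alert in dependabot_alerts:
        if alert["state"] != "open":
            continue  # fixed/dismissed alerts are not actionable
        sev = alert["security_advisory"]["severity"]
        level = "high" if sev in ("critical", "high") else "medium"
        findings.append((level, f"open Dependabot alert ({sev})"))
    for pr in pull_requests:
        if not pr["requested_reviewers"]:
            findings.append(("medium", f"PR #{pr['number']} has no requested reviewer"))
    for path, text in repo_files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for name, pattern in SECRET_PATTERNS.items():
                if pattern.search(line):
                    findings.append(("high", f"{path}:{lineno}: possible {name}"))
    return findings


if __name__ == "__main__":
    for level, message in audit_org(ORG, OUTSIDE_COLLABORATORS, DEPENDABOT_ALERTS, PULL_REQUESTS, REPO_FILES):
        print(f"[{level}] {message}")
```

In a real deployment each constant would come from the corresponding GitHub API call made with the organization's OAuth token, and the findings would feed the email/Slack alerts the proposal describes.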