DevSecOps
2025 saw an explosion in CVEs: Here's what the data shows
Quoted as a GitHub expert on the importance of integrating security tooling into the development lifecycle and the role of AI in secure coding practices.

Rubber Duck Thursdays - Let's build
GitHub: In this stream, Chris catches up on several weeks of GitHub updates including the remote MCP server preview and Copilot coding agent for business users. The live coding session demonstrates adding internationalization to the Copilot Airways app using Copilot coding agent, custom VS Code chat modes for planning, and agent mode in Xcode for iOS development.

Rubber Duck Thursdays - Sshh, let's talk about secrets.
GitHub: This episode dives deep into GitHub Advanced Security's new standalone Secret Protection and Code Security products. Chris demos secret scanning, push protection, custom patterns, and the free secret risk assessment report, then shows off a GitHub-themed brick breaker game powered by real contribution graph data.

Govern your repositories with push rulesets
GitHub: Introduces GitHub push rulesets, a governance feature that restricts what can be pushed to a repository based on the attributes of changed files—including path, extension, and size. The video demonstrates protecting sensitive files such as GitHub Actions workflow files, configuring bypass rules for designated roles, viewing blocked-push and bypass insights, and explains that push rules are enforced across the entire fork network of a repository.

Private Mirrors App
GitHub: Introduces GitHub's Private Mirrors App, a self-hosted or GitHub-managed tool that helps organizations contribute to open source projects while managing compliance, legal, and security risk. The app creates private mirrors mapped to public forks, enabling teams to run CI/CD checks and policy enforcement before syncing changes back to the public fork for upstream contribution. The video demonstrates forking an upstream project, configuring multiple team mirrors, and integrating with an Enterprise Managed Users organization.

Beyond version control: Using GitHub throughout your development lifecycle
GitHub is well-known for version control, and its work with the open source community. But did you know you can use GitHub throughout your development lifecycle? Join Chris Reddington from GitHub's Developer Relations team as he explores how you can use GitHub to plan, code, build, and deploy your work. Learn how the platform comes together in GitHub Issues, Projects, Codespaces, Actions, Copilot and Advanced Security!

Passwordless deployments to Microsoft Azure with GitHub Actions
Discovering passwords in our codebase is probably one of our worst fears as a developer. But, what if you didn't need passwords at all? Join Chris, as he explores how you can use OpenID Connect to trust your cloud provider, enabling you to deploy easily, securely and safely.

End-to-end InnerSourcing and Secure Development with GitHub
Many of you may be familiar with GitHub for your own Open Source (OSS) projects. But did you know that you can run your end-to-end development within your organization using GitHub Enterprise? Join Chris for a whistle-stop tour of a day in the life of a developer with GitHub Codespaces, GitHub Copilot, GitHub Actions and GitHub Advanced Security, showing how you can bring Open Source best practices into your day-to-day work (also known as InnerSource)!

Policy as [versioned] code - you're doing it wrong
Chris Nesbitt-Smith traces how governance policies are typically born — emotionally, reactively, and as one-shot documents — then shows how applying software engineering principles transforms policy into a living, versioned artefact. The talk covers iterative policy management, Kubernetes admission control, open-source policy tooling, and the cultural shift required to make policy genuinely effective rather than just technically compliant.

Software rotting and why you need to change your approach to security
Cloud with Chris: A new phenomenon stands out in recent years: security must pervade the entire software development lifecycle. Except it doesn't. The current generation of processes and tools lacks crucial features to properly manage modern security risks. Think of the Log4J event. Were you able to identify all affected components? Were they internally developed, or did you need vendor support? How fast were you able to deliver a fix? In this talk we'll explore the challenges, what you can do with current tools, and which gaps should be addressed by communities through better practices and new tools.



