Is a GitHub Project Safe? - Supply Chain Cyber Security
Millions of malicious repositories have been uploaded to GitHub — and while GitHub works hard to remove them, not all are caught. So how do you know the code you're downloading isn't harboring malware, stealing your API keys, or even deploying ransomware? In this video, I'll show you how to evaluate the trustworthiness of GitHub repositories, spot signs of malicious code, and protect yourself from hidden threats inside open-source projects.

The GitHub Trust Cheat Sheet: https://subscribepage.io/6hWxWu

What You'll Learn:
- How attackers use GitHub to spread malicious code
- Signs a repository might not be trustworthy
- How to spot risky dependencies
- Practical checks you can perform to build trust in a repository
- Tools and commands to run dependency and vulnerability scans for .NET, npm, Java and more
- Why static analysis tools like Semgrep can help detect suspicious behavior

#cybersecurity #cybersecuritynews #securecoding

Check out my Pluralsight courses on software dev / security: https://link.devsecforge.com/ps-auth

Chapters:
0:00 Reasons to be suspicious
2:08 Building a picture of trust
3:17 Off-repository malicious code
3:59 Searching code for keywords
4:17 Static code analysis
5:01 Checking dependencies
5:32 Layers of security