Scaling GitHub Actions for Enterprise DevOps: Security, Compliance, and Efficiency
DevOps DevSecOps CI/CD
EP AI 2026-06-30

In this episode, we dive into the world of GitHub Actions, exploring how to scale and secure this powerful CI/CD tool for enterprise DevOps. From reusable workflows and composite actions to SLSA Level 3 supply chain compliance, we'll cover the key considerations for senior engineers and architects. Join us as we examine the intersection of DevOps, security, and compliance in GitHub Actions.

Speakers: daniel, diana

Show Notes

This episode covers various aspects of using GitHub Actions at an enterprise scale, including:

  • Reusable workflows and composite actions for efficient pipeline management
  • Pinning actions by SHA for enhanced security
  • OIDC-based cloud authentication without long-lived secrets for improved credential management
  • Self-hosted runners with hardened AMIs for secure execution environments
  • Achieving SLSA Level 3 supply chain compliance for heightened security standards
  • Secrets management with GitHub and Vault for protected sensitive information
  • Branch protection rules and required checks for controlled code changes
  • Actions usage policies for enterprise organizations to enforce standards and best practices

Referenced tools and further reading include GitHub Actions documentation, SLSA framework, and Vault by HashiCorp.

Key Takeaways

  • Implementing reusable workflows and composite actions in GitHub Actions for efficiency and scalability
  • Enhancing security through pinning actions by SHA and using OIDC-based authentication
  • Achieving SLSA Level 3 compliance for secure software supply chains
  • Effective secrets management with GitHub and external tools like Vault
  • Enforcing enterprise standards with Actions usage policies and branch protection rules

Topic Pillars

DevOps|DevSecOps|CI/CD #DevOps #DevSecOps #GitHub Actions #SLSA Compliance #CI/CD Security
