Outcome¶

🎉🎉 Congratulations! You have completed the Continuous Deployments, the GitHub Way workshop.

Here are what we have learned:

• Multi-layered supply chain security
  • Manage dependency licences with Dependency Reviews
• Use GitHub Advanced Security's code scanning feature to uncover vulnerable code
  • Use Copilot auto-fix to resolve vulnerabilities in a pull request
• Automate software release
  • Automate versioning
  • Create reproducible build
• Generate and verify attestation for build provenance
• Protect against credentials leak, by leveraging GitHub Actions's support for using federated identity when interacting with a Cloud Service Provider