Securing GitHub & GitLab Repositories in the Era of Supply Chain Attacks and AI Agents
Event details
Location: Online (Zoom)
Date: 30.6.2026
Time: 14:00–15:30 CEST
Modern software development increasingly relies on open-source dependencies, CI/CD pipelines, and automated workflows. This webinar explores the evolving threat landscape surrounding GitHub and GitLab repositories, with a focus on recent software supply chain attacks and new security risks introduced by AI-powered tools and autonomous agents.
Participants will learn how attackers exploit repositories, pipelines, and dependencies — and how to defend against these threats using practical security measures, policies, and tools. The session will combine real-world examples with actionable best practices for secure development workflows.
What attendees will learn:
- Understand recent software supply chain attack vectors targeting GitHub/GitLab (e.g., dependency confusion, malicious commits, workflow poisoning)
- Identify risks related to CI/CD pipelines, secrets exposure, and third-party integrations
- Learn how AI tools and autonomous agents can introduce new attack surfaces (e.g., code generation risks, prompt injection, poisoned training data)
- Apply best practices for repository hardening (branch protection, commit signing, access controls)
- Secure CI/CD pipelines (least privilege, secrets management, artifact integrity)
- Use automated security tools (SAST, dependency scanning, secret scanning) effectively
- Design a secure development lifecycle that integrates human and AI contributions safely
- Gain practical checklists and mitigation strategies applicable immediately in their own projects
Level
Intermediate (suitable for developers, DevOps engineers, and security practitioners with basic familiarity with Git workflows)
More information and registration for the training
Registration is required. Only registered participants will receive the Zoom link. The webinar will be held in English.