Annotation
Modern software development increasingly relies on open-source dependencies, CI/CD pipelines, and automated workflows. This webinar explores the evolving threat landscape surrounding GitHub and GitLab repositories, with a focus on recent software supply chain attacks and new security risks introduced by AI-powered tools and autonomous agents. Participants will learn how attackers exploit repositories, pipelines, and dependencies—and how to defend against these threats using practical security measures, policies, and tools. The session will combine real-world examples with actionable best practices for secure development workflows.
Benefits for the attendees, what will they learn
- Understand recent software supply chain attack vectors targeting GitHub/GitLab (e.g., dependency confusion, malicious commits, workflow poisoning)
- Identify risks related to CI/CD pipelines, secrets exposure, and third-party integrations
- Learn how AI tools and autonomous agents can introduce new attack surfaces (e.g., code generation risks, prompt injection, poisoned training data)
- Apply best practices for repository hardening (branch protection, signing commits, access controls)
- Secure CI/CD pipelines (least privilege, secrets management, artifact integrity)
- Use automated security tools (SAST, dependency scanning, secret scanning) effectively
- Design a secure development lifecycle that integrates human and AI contributions safely
- Gain practical checklists and mitigation strategies applicable immediately in their own projects
Level
Intermediate (suitable for developers, DevOps engineers, and security practitioners with basic familiarity with Git workflows)
Language
English
Prerequisites
- Basic understanding of Git and repositories (GitHub or GitLab)
-
Familiarity with CI/CD concepts is recommended but not required
-
General awareness of software development practices
Tutor
Dominika Regéciová is a Lecturer at IT4Innovations, focusing on the intersection of AI and security. Previously, she worked as a Senior Researcher at Avast. She holds a master's degree in Information Security from the Faculty of Information Technology at Brno University of Technology (FIT BUT). Her work is driven by a passion for bringing formal theory and advanced AI methods into practical, real-world applications with an emphasis on security and reliability.
LUMI AI Factory is funded jointly by the EuroHPC Joint Undertaking, through the European Union's Connecting Europe Facility and the Horizon 2020 research and innovation programme, as well as Finland, the Czech Republic, Poland, Estonia, Norway, and Denmark.
This course was supported by the Ministry of Education, Youth and Sports of the Czech Republic through the e-INFRA CZ (ID:90254).
All presentations and educational materials of this course are provided under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.