- Use a credential manager to protect your access credentials.
- Configure two-factor authentication (2FA).
- Enforce signed commits.
- Protect the release branch.
- Require pull request reviews and approvals.
- Scan source code for sensitive data leaks.
- Scrub leaked secrets from git history.
- Only use trusted GitHub Actions.
- Protect the secrets used by GitHub Actions.
- Review project dependencies for vulnerabilities.
- Patch dependencies with vulnerabilities.
- Scan project source code for vulnerabilities.
- Publish a security policy.
- Collaborate on fixes for security vulnerabilities in private forks.
- Publish maintainer advisories for security fixes.

Most articles only cover the basics so we've attempted to create the "missing manual" for using environment variables in Linux and Mac.

Detect, track and alert on infrastructure drift

Upptime is the open-source uptime monitor and status page, powered entirely by GitHub Actions and Issues.

TL;DR: In this article you will learn how to create clusters on the GCP Google Kubernetes Engine (GKE) with the gcloud CLI and Terraform. By the end of the tutorial, you will automate creating three clusters (dev, staging, prod) complete with the GKE Ingress in a single click.

Dragonfly image service, providing fast, secure and easy access to container images.