Here you will find information on how to use GIT securely in development work. This repository is the result of our team actively developing a pure GIT / GitHub infrastructure for repository optimization and automation, during which we encountered security challenges. Here we attempt to help any developer use GIT and GitHub more securely.
This is a WIP repository where we will keep adding new material as we continue developing. The security challenges we face will be recorded here.
Topics covered include, among others:
- GPG and how we use it for projects.
- GPG basic and more advanced uses in relation to GIT and GitHub.
- GitHub secrets, tokens, etc.
- GIT vs GitHub differences.
- etc.
You can find all the articles here:
https://nautilus-cyberneering.github.io/secure-git-guide/
If you would like to contribute your experience, have a question, or would like to make a correction or suggestion, you are more than welcome.
We encourage you to tell us. This is a team effort meant to benefit everyone.
If you would like to do so, please open a discussion on the topic, the challenge you are facing, the improvement we could make, etc. We are all ears.
The way we work is simple:
- A new discussion is opened.
- We discuss it publicly with you.
- If it makes a new addition to the guide, we create an issue.
- You can create the new document or extend or amend an existing one.
Here is the link for starting a new discussion. We look forward to it: https://github.com/Nautilus-Cyberneering/secure-git-guide/discussions
We will be eternally thankful and add you to our credits at the bottom of our index.
Install dependencies with npm install (or pnpm install or yarn). To start a development server:
npm run dev
# or start the server and open the app in a new browser tab
npm run dev -- --open