Introduction (15 mins)
Introduction to the BSidesLV workshop and the team giving it. We will also cover some basics
around how to ask for help.

Pre-setup Phase (15 mins)
Students will be guided through:
● The basic steps to setup their environment
● Some key concepts that will be covered during the workshop

Security within the IDE (120 mins)
Attendees will learn to integrate security control into their local development environment. These
will act as a first line of defense:
● VSCode IDE plugin configuration and usage
● Setting up pre-commit hooks and exploring libraries to aid with security
● Preventing config files containing secrets, or other sensitive files being committed to a
source code repository.

Scanning the Repository (75 mins)
Attendees will build a simple CI/CD pipeline using GitHub Actions. This will demonstrate how to
introduce techniques such as SAST, secrets scanning and vulnerability detection into the
development process. This phase will include:
● A demonstration of how secret scanning can be performed within the repository using
GitHub native and third party tools
● Detecting security vulnerabilities (CVEs) in the source code repository. A combination of
third party tools and GitHub’s CodeQL will be used to demonstrate these concepts.
● Enabling branch protection rules and PR gating mechanisms in GitHub to ensure best
practices are being followed.
● Dependency analysis and SBOMs. Techniques to review dependencies for security issues
and generate SBOMs are then explored. We will demo how to explore detecting issues in
sub-dependencies such as Log4J.

Wrap-up (15 mins)
● Recap and conclusion.