9 Sept. 2024

How We Secured Our GitHub Enterprise and Forgot It Was There—Eating Our Own Dog Food for One Month

Frank Lyonnet

It has been a month since we deployed EDAMAME to secure our Software Development Life Cycle (SDLC), and the most telling sign of success is that our developers forgot it was there. EDAMAME fits into our workflow and protects our GitHub Enterprise repos, CI/CD runners, and test environments without slowing anyone down. At the same time we have full visibility into which devices reach our code and from where, which materially reduces our exposure to supply chain attacks and source leaks.

From day one, EDAMAME provided real-time monitoring and enforcement of security standards without adding friction to our development process. This is essential in a fast-paced environment where security can often feel like an afterthought—but it’s never something we can afford to overlook.

What We've Learned After One Month

EDAMAME has been quietly enforcing Zero Trust access: a device gets to the code only if its security posture checks out, regardless of where it sits on the network. We now have a detailed picture of every test machine used in the SDLC, and we know exactly where our GitHub runners are hosted, whether in the US or in Europe. That visibility lets us confirm that every machine touching our code meets our security baseline, something manual checks cannot achieve at this scale.

Real-World Example: Automatic Hardening on CI/CD Runners

A key moment during the month came when we discovered that Remote Desktop Protocol (RDP) was enabled by default on some of our Windows runners. On a general-purpose workstation that might be a minor oversight; on a CI runner, which holds repository checkouts, build secrets and GitHub tokens, an exposed RDP listener is a direct target for password guessing and lateral movement. EDAMAME's automated hardening disabled RDP as soon as it was detected, closing the exposure without anyone having to log in and fix it by hand. That is what makes it effective: it detects and resolves the issue automatically, taking human error out of the loop.

Because the action is silent and automatic, developers were not disrupted; they kept working without realising that an exposure had just been closed. The same applies to endpoints: we no longer worry about shared family devices or unmanaged personal machines reaching our code, because EDAMAME only admits devices that are compliant.
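To make concrete what "disabling RDP on a runner" involves, here is an added example in PowerShell. It is not EDAMAME's code and not the product's hardening procedure; it audits the settings that expose RDP on a Windows host and, if the host accepts connections, switches them off and refuses to continue if that fails. It assumes an elevated session on a stock Windows image with the built-in "Remote Desktop" firewall rule group; the output strings are ours.

```powershell
# Added example, not EDAMAME's code: audit and disable RDP on a Windows CI runner.
# Run elevated (Administrator), e.g. as the first step of a self-hosted runner job.
# Assumes a stock Windows Server / Windows 10 / 11 image with the built-in
# 'Remote Desktop' firewall rule group and the default registry locations.

$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

function Get-RdpExposure {
    # fDenyTSConnections = 0 means the host accepts RDP connections.
    # A missing value is treated as "allowed" so that we always set it explicitly.
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    # Any enabled inbound rule in the 'Remote Desktop' group opens 3389 in the host firewall.
    $rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
             Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' }
    # Informational: is anything currently bound to the RDP port?
    $listen = Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ConnectionsAllowed = ($null -eq $deny -or $deny -eq 0)
        InboundRuleEnabled = [bool]$rules
        ListeningOn3389    = [bool]$listen
    }
}

function Disable-Rdp {
    # Registry switch behind "Allow remote connections to this computer".
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1 -Type DWord
    # Close the inbound firewall rules so the port is unreachable even if a listener remains.
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue
}

$before = Get-RdpExposure
Write-Output "Before: $($before | ConvertTo-Json -Compress)"

if ($before.ConnectionsAllowed -or $before.InboundRuleEnabled) {
    Disable-Rdp
    $after = Get-RdpExposure
    Write-Output "After:  $($after | ConvertTo-Json -Compress)"
    # Fail the job if the host still accepts RDP: a runner that cannot be hardened
    # should not get a checkout of the code.
    if ($after.ConnectionsAllowed -or $after.InboundRuleEnabled) {
        Write-Error 'RDP is still enabled after hardening'
        exit 1
    }
    Write-Output 'RDP disabled on this runner.'
} else {
    Write-Output 'RDP was already disabled.'
}
```

If a runner genuinely needs RDP for debugging, the narrower fix is to keep it but require Network Level Authentication (`UserAuthentication` = 1 under `HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp`) and scope the inbound firewall rule to a jump host's address rather than leaving it open to any source.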

Full Visibility and Control of GitHub Enterprise: Secured in 5 Minutes

Integrating EDAMAME with our GitHub Enterprise environment was fast and straightforward. In under 5 minutes we went from nothing to Zero Trust access control across our repos and CI/CD pipelines. The steps were:

  1. Create a domain in EDAMAME and verify it.

  2. Set up conditional access rules for each OS family (macOS, Windows, Linux, etc.).

  3. Generate an access token in GitHub restricted to the permissions the integration needs.

  4. Configure the integration between EDAMAME and GitHub so that EDAMAME can monitor and enforce the access policies.

  5. Enable the IP allow list on GitHub. Add the addresses that must stay reachable, including your own runners, before turning enforcement on; enabling an empty allow list locks everyone out.
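Step 5 is the one that bites if done in the wrong order, so here is an added example in PowerShell of how a runner can register its own egress address on the GitHub IP allow list and only then enable enforcement, using GitHub's GraphQL API. This is not EDAMAME's code or the integration's own workflow. It assumes a token with enterprise administration rights in `$env:GH_TOKEN`, a constructed enterprise slug `example-enterprise`, a constructed entry label, and that querying api.ipify.org is an acceptable way to learn the runner's public IP.

```powershell
# Added example, not EDAMAME's code: add a runner's egress address to the GitHub
# IP allow list and only then enable enforcement, via GitHub's GraphQL API.
# Assumptions (all constructed for this example): $env:GH_TOKEN is a token with
# enterprise administration rights, 'example-enterprise' is your enterprise slug,
# and api.ipify.org is an acceptable way to learn the runner's public IP.

$Enterprise = 'example-enterprise'
$EntryName  = 'ci-runner-eu-1'   # label shown next to the entry in the allow list

$headers = @{
    Authorization  = "Bearer $env:GH_TOKEN"
    'Content-Type' = 'application/json'
}

function Invoke-GitHubGraphQL {
    param([string]$Query, [hashtable]$Variables)
    $body = @{ query = $Query; variables = $Variables } | ConvertTo-Json -Depth 5
    $resp = Invoke-RestMethod -Method Post -Uri 'https://api.github.com/graphql' -Headers $headers -Body $body
    if ($resp.errors) { throw "GraphQL error: $($resp.errors | ConvertTo-Json -Compress)" }
    return $resp.data
}

# 1. Find this runner's public egress IP. A single host becomes a /32; a NAT
#    gateway with a fixed pool would be entered as its CIDR range instead.
$egress = (Invoke-RestMethod -Uri 'https://api.ipify.org').Trim()
$cidr   = "$egress/32"

# 2. The mutations take the enterprise (or organization) node ID as ownerId.
#    For an organization, query organization(login: ...) { id } instead.
$ownerQuery = 'query($slug: String!) { enterprise(slug: $slug) { id } }'
$ownerId = (Invoke-GitHubGraphQL -Query $ownerQuery -Variables @{ slug = $Enterprise }).enterprise.id

# 3. Create the entry as active so it counts as soon as enforcement is on.
$createEntry = @'
mutation($ownerId: ID!, $value: String!, $name: String!) {
  createIpAllowListEntry(input: { ownerId: $ownerId, allowListValue: $value, name: $name, isActive: true }) {
    ipAllowListEntry { id allowListValue isActive }
  }
}
'@
$entry = (Invoke-GitHubGraphQL -Query $createEntry -Variables @{ ownerId = $ownerId; value = $cidr; name = $EntryName }).createIpAllowListEntry.ipAllowListEntry
Write-Output "Allow-listed $($entry.allowListValue) as '$EntryName' (active: $($entry.isActive))"

# 4. Enable enforcement last. Doing this before the entry exists would cut off
#    this runner, and every other address not yet on the list, immediately.
$enableList = @'
mutation($ownerId: ID!) {
  updateIpAllowListEnabledSetting(input: { ownerId: $ownerId, settingValue: ENABLED }) {
    clientMutationId
  }
}
'@
$null = Invoke-GitHubGraphQL -Query $enableList -Variables @{ ownerId = $ownerId }
Write-Output 'IP allow list enforcement enabled.'
```

Two caveats. GitHub-hosted runners get a different address on every job and their ranges (published under the `actions` key of https://api.github.com/meta) are far too broad to allow-list meaningfully, so this pattern suits self-hosted runners or runners with a fixed egress IP. And the token used here needs enterprise-admin rights precisely to change the allow list, which is why the day-to-day integration token from step 3 should be restricted to far less than that.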

Once those steps were done, EDAMAME's real-time monitoring took over. Whether it is a CI/CD runner or a developer laptop, we now see who is reaching our code and from where, and every device and runner is checked so that only authorised, compliant machines are allowed to interact with our repositories.

Zero Trust Without the Hassle

What stands out most is that EDAMAME delivers this without interrupting daily work. It runs in the background, hardening our infrastructure and protecting our code, and is practically invisible to the development team. That lack of friction matters: security controls often slow teams down or add hurdles, but here it is as if nothing changed, except that we are now considerably more secure.

In a time when supply chain attacks are becoming more frequent and more damaging, this peace of mind is invaluable. We can now move forward with full confidence that our development environments, CI/CD pipelines, and repositories are fully protected by Zero Trust security standards.

The Value of EDAMAME for Your SDLC

For anyone running GitHub Enterprise or CI/CD pipelines, EDAMAME offers a quick way to secure the whole SDLC. It was up and running in under 5 minutes and has since been enforcing our security baseline and protecting our resources without manual effort. It catches exposures such as RDP left enabled by default on a runner and fixes them without interrupting anyone's work.

Whether you’re dealing with personal developer devices, BYOD policies, or distributed teams across multiple regions, EDAMAME ensures that only secure, compliant devices can access your repositories and code. And the best part? It does this without the hassle often associated with traditional security solutions.

If you’re looking to transform your development process with Zero Trust security that just works, EDAMAME is the solution you need. Try it for yourself and see how it can effortlessly secure your GitHub Enterprise repos and CI/CD pipelines while keeping your teams productive and your code safe.
