- 2023-06-05 ◦ GitHub - lord-denning/Huberman-Lab-Podcast-Transcripts
- Transcripts of episodes 1-30 from the Huberman Lab Podcast
- 2023-06-05 ◦ An educational side project - The Pragmatic Engineer
- 2023-06-05 ◦ EP62: Why Does Google Use Monorepo? - by Alex Xu
- Great comparison between monorepo and microrepo (Microservices)
- 2023-06-05 ◦ GitHub private repos considered private-ish - Tyler Cipriani
- Enable mandatory 2fa within your Github organization (if you don’t use an
organization, you probably should)
Disable the ability to fork repos in your organization
Configure and enable mandatory SAML authentication. In combination with
mandatory 2fa, this makes phishing and even key leakage less likely (specific keys need to be double authorized for SAML, so that random private key you have on a random CI/CD platform from a few years ago can’t access repos in SAML organizations even if it’s leaked)
- Disable the ability to make repos public at the organization level
These are some quick setting changes that should address at least 3 of the 4 main issues in the article.
Enable branch protection on master. Require at least 1 peer review to merge anything in it. Enforce branch restrictions to include repo admins so restrictions can’t be bypassed. This should stop obvious mistakes like accidentally committing .git or random credentials.