DeepSec 2025 Talk: GitHub Security at Scale: One Opensource Tool to Rule Them All – Sina Yazdanmehr & Hugo Baccino

Sanna / November 16, 2025 / Conference

Managing GitHub security across all organizations and repositories within a company can be challenging. Misconfigured settings, hard-coded secrets, and outdated dependencies often go unnoticed, creating critical security gaps. In this session, we introduce an open source tool built to help companies secure their GitHub environments at scale. The tool runs security posture checks across organization and repository levels, scans for hard-coded secrets, performs Software Composition Analysis (SCA), validates security rule sets, detects misconfigurations, and generates a single comprehensive report. The report not only identifies risks but also provides actionable remediation steps, helping teams prioritize and address issues effectively. By using this tool, companies gain a complete view of their GitHub security posture across all organizations and repositories, making it easier to maintain strong security without adding complexity. This talk is also an open invitation
