
security-on-github's Introduction

Hi 👋, I'm Armand LEOPOLD

Founder & CEO @ QALITA

👨 Whoami


I am currently the founder of a company specializing in data quality assurance.

I remain a passionate engineer and developer, as I have been for more than 12 years.

👉 Skills

| Domains | Technologies |
| --- | --- |
| Web | HTML, CSS, PHP, SQL, FastAPI, React, NextJS |
| Data Science | Python, R, SAS, Scikit-Learn, Pandas, Jupyter, Spark |
| Data Engineering | Spark, Airflow, Talend, Kafka, Hadoop, Hive, HDFS, HBase, Cassandra, Elasticsearch, Redis, Janusgraph, Geoserver, Kibana, Jupyter, Docker, Kubernetes, Helm, Terraform, Vault, ArgoCD |
| DevSecOps | Git, Github, Gitlab, Docker, Kubernetes, Helm, Terraform, Vault, ArgoCD, Airflow |
| Dev Tools | VSCode, ChatGPT |
| Design Tools | Figma, Webflow |
| Knowledge / BI / Visualization Tools | Notion, Kibana |
| Databases | MySQL, PostgreSQL, Elasticsearch, Redis, Cassandra, Janusgraph, Geoserver |
| Cloud | AWS, Azure, GCP, OVH |
| Languages | HTML, CSS, PHP, C, Python, R, Scala, Java, React, NextJS |
| Frameworks | DevOps, Scrum |

Web

Figma Webflow Notion React NextJS NextJS

Data Science/Engineering/Analysis

Jupyterlab Scikit Learn Spark Pandas SAS Airflow Kibana Superset

Databases

MySQL PostgreSQL Elasticsearch Redis Cassandra Janusgraph Geoserver

DevSecOps

Git Github Gitlab Docker Helm Kubernetes Terraform Vault ArgoCD

Cloud

AWS Azure GCP OVH

Languages

HTML CSS Android C Php SQL Python R Scala Java

Frameworks & Dev Tools

Visual Studio Code ChatGPT DevOps Scrum

Detailed CV

PROFESSIONAL EXPERIENCE

Apr. 2023 – Present | Founder & CEO | QALITA

{Permanent contract (CDI)}

  • Creation of an entrepreneurial business
  • Service delivery: data quality management, health data warehouses.
  • Development of a data quality management platform.
  • Supporting clients in the process of managing their data warehouses.

Oct. 2022 – Apr. 2023 | Head of Data Factory | Institut Curie

{Permanent contract (CDI)}

  • Leading a team of 5 data engineers / data scientists to steer the delivery of scientific projects and collaborations with industry partners
  • Contributing to the valorization of Institut Curie's data assets
  • Contributing to the definition and technical implementation of the EDS (Entrepôt de Données de Santé, health data warehouse)

Sept. 2020 – Sept. 2022 | DevOps Engineer | Institut Curie

{Permanent contract (CDI)}

  • I guided and helped make strategic decisions on software development and technical architecture for the data department.
  • I set up a continuous development and integration policy, supporting my colleagues in using version control tools (Git / Gitlab) and CI/CD pipelines.
  • I set up a monitoring suite: Gitlab-monitor, Statuspage, Kibana.
  • I shared the DevOps vision and practices by giving internal and external presentations.
  • I handled the transition and support for tools and practices, in liaison with the information systems department.

Mar. 2019 – Aug. 2020 | Data Engineer | Institut Curie

{Fixed-term contract (CDD)}

Knowledge in: CI/CD, DevOps, Cloud, Helm, Kubernetes, Gitlab, health data (Anatomopathology / MRI / PET-SCAN), Talend, Java, Python, Jupyter, Elasticsearch, Docker, Blockchain, Federated AI, Artificial Intelligence, Hyperledger, HTML/CSS/PHP, Maven, Nexus.

  • I took part in the #Healthchain project, where my mission was to build Curie's database for the project by retrieving and aggregating clinical and imaging data.
  • I worked with my counterparts at the Centre Léon Bérard to harmonize data formats.
  • I took part in, and gave feedback on, the integration of a federated machine learning platform developed by #Owkin, at the time a young startup of fewer than 30 people.
  • I took part in the legal matters around the valorization of machine learning models.
  • I took part in the publication in Nature Medicine of an article on a scientific question using the database that was developed.
  • I developed a tool for measuring, analyzing and controlling data quality across several databases, including the one for my project.

Oct. 2017 – Feb. 2019 | Data Scientist | THALES

{Permanent contract (CDI)}

In Paris - Vélizy:

  • I carried out social graph analysis work on open-source data for the intelligence services.
  • I applied artificial intelligence algorithms.
  • I carried out natural language processing work.
  • I took part in a large data platform project for the French army, specifically on the use cases and data science side.

In Toulouse - Labège:

  • I analyzed flight data to facilitate aircraft maintenance for a Portuguese fleet (A320 family).
  • I processed and ingested flight plans and built interactive Kibana dashboards for the DSNA DTI, a government body for the efficient management of air traffic in France.

Sept. 2016 – Sept. 2017 | Data Analyst | Crédit Agricole

{Work-study contract (contrat de professionnalisation)}

  • Building scores and analytical indicators for customer relationship management (CRM). Data mining, machine learning.
  • I had the opportunity to work at the Crédit Agricole DataLab, a national entity based in Montrouge, to collaborate with researchers in artificial intelligence and data processing. There, I worked on a consumer panel database to study hypotheses in customer relationship management, and I then reported back to my management on these topics in formal presentations.

Software used: RStudio, Python (Jupyter Notebook), SAS Enterprise Guide & Miner, SAP Business Object. Strong skills in the following languages: R, Python, SQL, SAS.

Jun. 2016 – Sept. 2016 | Short Term Researcher | Illinois Institute of Technology

{University research internship}

BigDataX Laboratory / Computer Science department. Research subject: Wearable Computing BIG-DATA Architecture. Carried out research on developing a Big-Data system architecture for carrying large amounts of wearable device data in stream and storage, using Amazon Web Services (AWS), Scala, Apache Spark, Apache Cassandra and Android JDK.

Jun. 2015 – Jun. 2016 | President | Junior Etudes ESIGELEC

{Association mandate}

Restructuring of my school's Junior Enterprise: fiscal rebalancing, archiving and redesigning activity areas, process remodelling and reorganisation. Managing a 6-person team. Application to the Junior Entreprises movement. Skills in team management, taxation, legal rules and status, accounting, project management.

Nov. 2014 – May. 2016 | Full Stack Dev | Freelance

{Association mandate}

Supervision and development of my school's student-dedicated website. Migration to a new responsive and more modern version. Establishing a communication plan for increasing visits and traffic on the site. Improving communication between the school's internal student organisations. Strong knowledge in HTML(5), CSS(3), PHP (5.3 to 7), MySQL, JQuery, Bootstrap, Foundation, Web Design & Development, Analytics. In 2 years, 3/4 of students subscribed to the website, and traffic increased by thousands of percent.

EDUCATION

2014 - 2017 – Engineering degree (Diplôme d'Ingénieur) – ESIGELEC - Rouen

General engineering school. Major: BDTN (Big Data and Digital Transformation). Top ranking in computer science: (8/304). Activities and associations: Music club, Junior Etudes, Robotics club, Computer science club, Theatre club.

2012 - 2014: Preparatory classes (Prépa) PCSI/MPSI – ESIGELEC - Rouen

Integrated preparatory classes, admission through the Advance competitive exam. Top of the class in computer science: (1/120)

2009 - 2012: BAC STI Electrotechnique – Lycée Marie Curie, Nogent sur Oise

Grade: Mention Très Bien (With Honors). Activities and associations: class representative in the final year (Terminale).

LANGUAGES

🇫🇷 🇬🇧

HOBBIES

Piano, Running, Cinema, Travel, Science, History, Geopolitics

security-on-github's People

Contributors

a-a-ron, armandleopold, crichid, hectorsector

security-on-github's Issues

Find repository vulnerabilities

Finding vulnerable dependencies

Security vulnerabilities can cause a range of problems for your project or the people who use it. A vulnerability could affect the confidentiality, integrity, or availability of a project. Sometimes vulnerabilities aren't in the code you write, but in the code your project depends on. Staying up-to-date with the most recent versions is the best line of defense.

This repository has some existing dependencies which will need updating to stay secure.

How can we identify dependencies and if they are vulnerable?

This repository is a Node.js project utilizing NPM. Because of that, the package.json defines this repository's dependencies. For our time together, we'll be focusing on these JavaScript dependencies. Keep in mind that different programming languages may have different dependency files. You might work with a Gemfile, Gemfile.lock, *.gemspec, requirements.txt, pipfile.lock, or other files.

How can we know these dependencies are secure? It's not always easy, but GitHub is watching out.

GitHub's security alerts for vulnerable dependencies

You may notice some alerts from GitHub about this repository. You may get an email, or see a yellow bar warning you about the package.json file.


GitHub tracks public vulnerabilities in Ruby gems, NPM, Python, Java, and .Net packages.

GitHub receives a notification of a newly-announced vulnerability. Next, we check for repositories that use the affected version of that dependency. We send security alerts to a set of people within those affected repositories. The owners are contacted by default. But, it's possible to configure specific teams or individuals to get these important notifications.

GitHub never publicly discloses identified vulnerabilities for any repository.

Step 2: Find this repository's vulnerable dependencies

Use GitHub's security alerts to identify a vulnerable NPM dependency.

⌨️ Activity: Identify the suggested version update

  1. Click the Insights tab in your repository.
  2. On the left hand navigation bar, click Dependency graph.
  3. Scroll down until you see a yellow bar highlighting the dependency named debug, and click on the right hand side of the yellow debug section.
  4. Take note of the suggested version.
  5. Comment in this issue with the suggested update version.

GitHub Enterprise Server only: This is all possible on GitHub Enterprise through GitHub Connect. It may take up to an hour to refresh the alerts and make them visible. After waiting a reasonable amount of time, if you are still not seeing the yellow bar in the Dependency Graph, you may want to contact your administrator. In the meantime, to move along with the course, we'll give you a hint - the recommended upgraded version is 2.6.9.

For a printable version of the steps in this course, check out the Quick Reference Guide.


Return to this issue for my next comment.
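
A simplified local version of the check described in this issue, as an added example that is not part of the course or its repository: it reads a package.json and flags dependencies whose declared version floor is below a patched release. The manifest contents, the `ADVISORIES` map and all function names are assumptions; only the `debug` to 2.6.9 suggestion comes from the text above.

```javascript
// ADVISORIES is a constructed stand-in for a vulnerability feed:
// package name -> first patched version (debug/2.6.9 is the course's suggested update).
const ADVISORIES = { debug: '2.6.9' };

// Constructed sample manifest, not the course repository's real package.json.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: 'memory-game',
  dependencies: { debug: '^2.6.0', express: '4.17.1' },
  devDependencies: { mocha: '~5.2.0' },
});

// Extract [major, minor, patch] from specs like "2.6.0", "^2.6.0" or "~5.2.0".
// Returns null for anything else (tags, URLs, "*", compound ranges).
function lowestDeclaredVersion(spec) {
  const m = /^[\^~]?v?(\d+)\.(\d+)\.(\d+)$/.exec(spec.trim());
  return m ? m.slice(1, 4).map(Number) : null;
}

// Numeric comparison, so 2.6.10 sorts above 2.6.9 (a string compare would not).
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function findVulnerable(manifestText, advisories) {
  const manifest = JSON.parse(manifestText);
  const findings = [];
  for (const section of ['dependencies', 'devDependencies']) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      // Own-property check so names like "constructor" never match by accident.
      if (!Object.prototype.hasOwnProperty.call(advisories, name)) continue;
      const suggested = advisories[name];
      const declared = lowestDeclaredVersion(spec);
      if (declared === null) {
        // Cannot decide from the manifest alone: surface it for manual review.
        findings.push({ name, spec, section, status: 'unparsed', suggested });
      } else if (compareVersions(declared, suggested.split('.').map(Number)) < 0) {
        findings.push({ name, spec, section, status: 'vulnerable', suggested });
      }
    }
  }
  return findings;
}

console.log(findVulnerable(SAMPLE_PACKAGE_JSON, ADVISORIES));
```

A range such as `^2.6.0` can still resolve to a patched release at install time, so a finding here means the declared range admits a vulnerable version; the lockfile shows what is actually installed.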

Welcome

🎉 Welcome to Securing your workflows!

In this course, you'll learn how to build and host a secure repository in GitHub. A secure repository is important for many reasons.

  • Prevents exposing sensitive data
  • Enforces secure development best practices
  • Guards against unintended access rights permissions

In this course you will learn how to:

  • Opt-in to vulnerability alerts for private repositories
    • Note: These security settings are default for public repositories that are not forks.
  • Detect and fix vulnerable dependencies when notified by a vulnerability alert
  • Follow security best practices to protect sensitive data by using a .gitignore file

New to GitHub?

For this course, you'll need to be comfortable with the GitHub Flow. If you need a refresher on the GitHub flow, check out the Introduction to GitHub course.

Step 1: Your project on GitHub Pages

This project is centered around a memory game that will be deployed with GitHub Pages.

⌨️ Activity: Enable GitHub Pages

  1. Click the Settings tab in your repository.
  2. Scroll down to GitHub Pages and select main as a Source.

For a printable version of the steps in this course, check out the Quick Reference Guide.

Turning on GitHub Pages creates a deployment of your repository. I may take up to a minute to respond as I await the deployment.


Return to this issue for my next comment.

Sometimes I respond too fast for the page to update! If you perform an expected action and don't see a response from me, wait a few seconds. Then refresh the page for your next steps.

Congratulations!

Nice work


Congratulations @armandleopold, you've completed this course!

When considering the security of your repository, consider the installed applications, like me. Every app installed on your repository has access to some of your data. Even if it is harmless (like me), it is a good idea to periodically check and prune the list of installed apps and integrations on your repositories. Look for things like active use, or permissions giving more access than necessary.

Manage app permissions

As much as it pains me to leave you, I want you to uninstall me from this repository. I won't be able to congratulate you on achieving this task, but know I'm excited about your progress.

Follow the guidelines in GitHub's documentation to review authorized OAuth and GitHub Apps. If you'd like to practice, you can uninstall Learning Lab from this repository.

What went well

Before I say good-bye, here's a recap of all the tasks you've accomplished in your repository:

  • Enable vulnerable dependency detection for private repositories
  • Detect and fix outdated dependencies with security vulnerabilities
  • Keep sensitive data out of your repository by leveraging the use of a .gitignore file

What's next?

Want to learn more options to secure your repository? Check out the documentation for security alerts, as well as some GitHub apps for security that might help you keep your code safe.

Keep Learning

Want to keep learning? Feel free to check out our other courses.


I won't respond to this issue, go ahead and close it when finished.
