Best way: don't deploy from GitHub. You should have an internal GitHub server (GitHub Enterprise). Don't rely on the site to secure your production code. They have had security problems in the past.
How is that more secure? They're both running the same code base. That means they have the same vulnerabilities. Both also need to be public facing to deploy code.
> Just make sure your servers are on the same network.
Using a VPN? Or are you hosting your own stuff?
If your public facing server gets breached and it is sitting on your actual internal network or is connected through a VPN ... well, that means the attacker just got a free pass right through your firewall.
I used to put my production boxes on a VPN, but now I don't have to because I can deploy from GitHub. That was the main reason I signed up with GitHub.