GH-500T00 – GitHub Advanced Security

GH-500: GitHub Advanced Security

Course Description

Secure your software supply chain and protect your code from development to deployment with GH-500: GitHub Advanced Security. This expert-led course provides a deep dive into GitHub Advanced Security (GHAS) capabilities, equipping development, security, and DevSecOps teams with the tools to proactively detect vulnerabilities, enforce secure coding practices, and integrate security throughout the DevOps lifecycle.

Learn how to use Code Scanning, Secret Scanning, and Dependency Review effectively, manage security policies across repositories, and leverage GitHub-native security intelligence to strengthen application security posture at scale. Whether you're building open-source software or managing an enterprise repository, this course empowers you to shift security left using GitHub's powerful ecosystem.

Audience Profile

This course is ideal for:

• Security engineers and DevSecOps professionals focused on securing application code and pipelines

• Software developers and technical leads looking to embed security practices into GitHub workflows

• Platform engineers and GitHub administrators responsible for managing security policies across repositories

• Compliance managers and IT risk professionals working in regulated industries

Familiarity with GitHub, CI/CD concepts, and basic security principles is recommended.

Course Outline

Module 1: Introduction to GitHub Advanced Security

• Overview of GitHub Advanced Security features and licensing

• Understanding secure software development practices with GitHub

• Positioning GHAS in the DevSecOps toolchain

Module 2: Enabling and Configuring GitHub Advanced Security

• Enabling GHAS features across organizations and repositories

• Managing GitHub security policies and permissions

• Integrating GHAS with GitHub Enterprise and GitHub Actions

Module 3: Code Scanning with GitHub

• Setting up code scanning workflows using CodeQL and GitHub Actions

• Understanding security alerts and interpreting scan results

• Customizing queries and maintaining secure code through automation

Module 4: Secret Scanning and Push Protection

• Protecting against credential leaks with GitHub Secret Scanning

• Activating push protection to block secrets before they reach your codebase

• Managing custom patterns and remediation workflows

Module 5: Dependency Management and Supply Chain Security

• Leveraging Dependency Graph, Dependabot alerts, and updates

• Reviewing vulnerabilities and software bill of materials (SBOM)

• Conducting secure dependency reviews and licensing checks

Module 6: Security Reporting, Compliance, and Best Practices

• Generating reports and monitoring security health across projects

• Integrating GitHub security with external SIEM or ticketing systems

• Governance, audit readiness, and security automation strategies

Hands-on Experience

This course is approximately 40% to 50% hands-on, allowing participants to explore real-world scenarios with GitHub Advanced Security features, configure secure workflows, and apply automated threat detection in live GitHub environments.