GitHub Advanced Security
Course Description
This course will teach you how to use GitHub Advanced Security, a set of features that help you improve and maintain the quality of your code. You will learn how to purchase and enable a license for GitHub Advanced Security, and how to access and configure the security settings for your repositories and organizations. You will also learn how to implement code scanning, secret scanning, and dependency review for your projects. Code scanning will help you find and fix vulnerabilities and coding errors in your code using CodeQL, a powerful semantic code analysis engine. Secret scanning will help you detect and prevent secrets, such as keys and tokens, from being exposed in your repositories. Dependency review will help you assess the impact of changes to your dependencies before merging a pull request, and use Dependabot to keep your dependencies up to date and secure.
About this Course
Course Outline
Module 1: Introduction to GitHub Advanced Security
What are the benefits and use cases of GitHub Advanced Security? How to purchase and enable a license for private and internal repositories? How to access and configure the security settings for your repositories and organizations?
Module 2: Implementing code scanning
How to use CodeQL, a powerful semantic code analysis engine, to find and fix vulnerabilities and coding errors in your code? How to set up code scanning workflows using GitHub Actions or other CI/CD tools? How to review and manage code scanning alerts on GitHub or in your IDE? How to write and share custom CodeQL queries and libraries?
Module 3: Secret scanning
How to detect and prevent secrets, such as keys and tokens, from being exposed in your repositories? How to enable secret scanning for your repositories and organizations? How to review and resolve secret scanning alerts on GitHub or via email notifications? How to use push protection to block commits that contain secrets? How to create and test custom secret scanning patterns?
Module 4: Dependency review
How to assess the impact of changes to your dependencies before merging a pull request? How to view the details of your dependencies, such as versions, licenses, and vulnerabilities? How to use Dependabot to keep your dependencies up to date and secure?
Duration
1 Day
Prerequisites
None
Level
Advanced
Product
GitHub Advanced Security
Role
Security Engineer