GitHub Advanced Security

GitHub Advanced Security
Instructor-led Training

Course Description

This course will teach you how to use GitHub Advanced Security, a set of features that help you improve and maintain the quality of your code. You will learn how to purchase and enable a license for GitHub Advanced Security, and how to access and configure the security settings for your repositories and organizations. You will also learn how to implement code scanning, secret scanning, and dependency review for your projects. Code scanning will help you find and fix vulnerabilities and coding errors in your code using CodeQL, a powerful semantic code analysis engine. Secret scanning will help you detect and prevent secrets, such as keys and tokens, from being exposed in your repositories. Dependency review will help you assess the impact of changes to your dependencies before merging a pull request, and use Dependabot to keep your dependencies up to date and secure. 

 

About this Course

Module 1: Introduction to GitHub Advanced Security 

What are the benefits and use cases of GitHub Advanced Security? How to purchase and enable a license for private and internal repositories? How to access and configure the security settings for your repositories and organizations? 

Module 2: Implementing Code scanning 

How to use CodeQL, a powerful semantic code analysis engine, to find and fix vulnerabilities and coding errors in your code? How to set up code scanning workflows using GitHub Actions or other CI/CD tools? How to review and manage code scanning alerts on GitHub or in your IDE? How to write and share custom CodeQL queries and libraries? 

Module 3: Secret scanning 

How to detect and prevent secrets, such as keys and tokens, from being exposed in your repositories? How to enable secret scanning for your repositories and organizations? How to review and resolve secret scanning alerts on GitHub or via email notifications? How to use push protection to block commits that contain secrets? How to create and test custom secret scanning patterns? 

Module 4: Dependency review 

How to assess the impact of changes to your dependencies before merging a pull request? How to view the details of your dependencies, such as versions, licenses, and vulnerabilities? How to use Dependabot to keep your dependencies up to date and secure? 

 

1 Day

Advanced

GitHub Advanced Security

Security Engineer

Need to Train a Team?

Contact us to schedule a dedicated class for your team.