GitHub Advanced Security

After completing this course, students will be able to:

• Describe the available tools for managing vulnerable dependencies on GitHub.
• Enable and configure Dependabot alerts.
• Identify the permissions and roles required to view and enable Dependabot alerts.
• Enable and configure Dependabot security updates.
• Identify, review, and address vulnerable dependencies.
• Explain how to use GraphQL API to retrieve vulnerability information.
• Explain how to configure notifications for vulnerable dependencies.
• Understand what GitHub Advanced Security is and how to use it in the software development lifecycle.
• Identify which GitHub Advanced Security features are available for open-source projects and which are available on enterprise products.
• Enable the different features of GitHub Advanced Security on different enterprise products.
• Determine who should get access to GitHub Advanced Security features in an organization and grant the correct permissions.
• Set security policies at the organization and repository levels.
• Understand how to respond to a security alert.
• Use the Security Overview to monitor security alerts.
• Use the GitHub Advanced Security API endpoints to manage the GitHub Advanced Security features and alerts.

This course in intended for students who want to understand and implement advanced security practices with the help of GitHub Advanced Security (GHAS). They will learn how to significantly enhance software development processes and create a more resilient and secure development ecosystem using developer-first solutions to unlock the ability to keep code, supply chain, and secrets secure before you push to production. They will learn how GHAS gives security teams visibility into the cross-organizational security posture and supply chain and unparalleled access to curated security intelligence from millions of developers and security researchers around the world.
 

• A GitHub account
• Basic understanding of GitHub fundamentals

GitHub Advanced Security Part 1 of 2 Introduction to GitHub Advanced Security

• Introduction
• Define GHAS and the importance of its integral features
• How to utilize GHAS to get the most impact
• Understand GHAS and its role in the security ecosystem
• Module assessment

Configure Dependabot security updates on your GitHub repo

• Introduction
• Manage your dependencies on GitHub
• Dependabot alerts
• Dependabot security updates
• Manage Dependabot notifications and reports
• Dependency review
• Exercise - Configure Dependabot security updates
• Module assessment

Configure and use secret scanning in your GitHub repository

• Introduction
• What is secret scanning?
• Configure secret scanning
• Use secret scanning
• Exercise
• Module assessment

Configure code scanning on GitHub

• Introduction
• What is code scanning?
• Enable code scanning with third party tools
• Configure code scanning
• Configure code scanning exercise
• Module assessment

GitHub Advanced Security Part 2 of 2 Identify security vulnerabilities in your codebase by using CodeQL

• Introduction
• Prepare a database for CodeQL
• Run CodeQL in a database
• Understand CodeQL results
• Troubleshoot CodeQL results
• Module assessment

Code scanning with GitHub CodeQL

• Introduction
• What is CodeQL?
• How does CodeQL analyze code?
• What is QL?
• Code scanning and CodeQL
• Customize your code scanning workflow with CodeQL - Part 1
• Exercise - Reference a CodeQL query
• Customize your code scanning workflow with CodeQL - Part 2
• Use the CodeQL CLI
• Customize languages and builds for code scanning
• Exercise - Configure a CodeQL language matrix
• Module assessment

GitHub administration for GitHub Advanced Security

• Introduction
• What is GitHub Advanced Security?
• Enable GitHub Advanced Security
• Manage access to GitHub Advanced Security
• Manage the GitHub Advanced Security features and alerts
• Module assessment

Manage sensitive data and security policies within GitHub

• Introduction
• Setting security policies
• Create and manage repository rulesets
• Reporting and logging
• Exercise
• Module assessment