- Module 1: This module introduces the GitHub Advanced Security (GHAS) features and the best practices for using them. As you learn about each feature, you'll identify the critical areas where it closes security gaps.
By the end of this module, you'll be able to:
- Define GHAS and explain the importance of its integral features: secret scanning, code scanning, and Dependabot
- Use GHAS in a way that maximizes its security impact
- Understand GHAS and its role in the security ecosystem
- Module 2: Learn how to configure Dependabot security updates on your GitHub repo.
By the end of this module, you'll be able to:
- Describe the available tools for managing vulnerable dependencies on GitHub.
- Enable and configure Dependabot alerts.
- Identify the permissions and roles required to view and enable Dependabot alerts.
- Enable and configure Dependabot security updates.
- Identify, review, and address vulnerable dependencies.
- Explain how to use the GraphQL API to retrieve vulnerability information.
- Explain how to configure notifications for vulnerable dependencies.
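As an added example (not part of the course material), the `dependabot.yml` below shows the configuration side of this module. Dependabot alerts and Dependabot security updates themselves are switched on in the repository's security settings (or for every repository at the organization level); this file does not enable them, it controls how Dependabot opens pull requests once they are on. The ecosystems, directories and labels are assumptions about a hypothetical repository.

```yaml
# .github/dependabot.yml (added example; ecosystems, paths and labels are assumed)
version: 2
updates:
  # Application dependencies. Security updates stay enabled through the
  # repository settings; this entry additionally opens version-update PRs weekly.
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
    labels:
      - "dependencies"
      - "security"
    # Group security fixes into one PR instead of one PR per advisory, so a
    # reviewer triages a single change set (version updates are grouped separately).
    groups:
      security-fixes:
        applies-to: security-updates
        patterns:
          - "*"

  # Workflow actions are dependencies too and receive advisories of their own.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
    # A limit of 0 disables version-update PRs for this ecosystem while
    # security updates keep being opened.
    open-pull-requests-limit: 0
```

Review of a resulting pull request should start from the alert it references: the alert page lists the advisory, the vulnerable version range and the first patched version, and the same data is what the Dependabot alerts GraphQL queries return for reporting across repositories.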
- Module 3: This module explains how secret scanning works so that you can configure and use it effectively.
By the end of this module, you'll be able to:
- Describe secret scanning.
- Configure secret scanning.
- Use secret scanning.
- Module 4: This module introduces you to code scanning and its features. You will learn how to implement code scanning using CodeQL, third-party tools, and GitHub Actions.
After completing this module, you'll be able to:
- Describe code scanning.
- List the steps for enabling code scanning in a repository.
- List the steps for enabling code scanning with third-party analysis.
- Contrast how to implement CodeQL analysis in a GitHub Actions workflow versus a third-party continuous integration (CI) tool.
- Explain how to configure code scanning on a repository using triggering events.
- Contrast the frequency of code scanning workflows (scheduled vs triggered by events).
- Module 5: Learn how to use CodeQL to analyze the code in your GitHub repository and identify security vulnerabilities.
By the end of this module, you'll be able to:
- Create a CodeQL database, which extracts a relational representation of every source file in the codebase into a single database.
- Run CodeQL queries against a database to find bugs and potential security vulnerabilities in your source code.
- Interpret CodeQL results produced by GitHub-maintained queries or by your own custom queries.
- Module 6: Learn how to use CodeQL, a powerful static analysis tool, to implement code scanning on GitHub.
By the end of this module, you'll be able to:
- Understand CodeQL and how it analyzes code.
- Understand QL, the logic programming language in which CodeQL queries are written.
- Set up CodeQL-based code scanning in a GitHub repository.
- Reference a custom CodeQL query.
- Configure the language matrix in a CodeQL workflow.
- Use the CodeQL CLI to generate code scanning results and upload them to GitHub.
- Implement custom build steps.
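The following workflow is an added example, not a file from the course, that ties together the Module 4 and Module 6 objectives above: event and scheduled triggers, a language matrix, a referenced custom query pack, a manual build step for a compiled language, and a second job that uploads third-party SARIF results. The languages, the Maven build command, the custom query path and the scanner script are assumptions about a hypothetical repository.

```yaml
# .github/workflows/code-scanning.yml (added example; languages, build command,
# custom query path and scanner script are assumed)
name: "Code scanning"

on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]
  schedule:
    # Weekly run on the default branch regardless of commits, so queries that
    # GitHub adds or improves later still get applied to unchanged code.
    - cron: "17 3 * * 1"

# Least privilege: jobs only read the repository and write code scanning alerts.
permissions:
  contents: read
  security-events: write

jobs:
  codeql:
    name: CodeQL (${{ matrix.language }})
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false            # one language failing must not cancel the others
      matrix:
        include:
          - language: javascript-typescript
            build-mode: none      # interpreted code is extracted without a build
          - language: java-kotlin
            build-mode: manual    # compiled code: the build step below is ours
    steps:
      - uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          build-mode: ${{ matrix.build-mode }}
          # The leading "+" keeps the default suite and adds security-extended
          # plus a custom query pack checked into the repository (assumed path).
          queries: +security-extended,./codeql/custom-queries

      # Custom build step, run only for the matrix entries that need compiling.
      - name: Build (manual build mode)
        if: matrix.build-mode == 'manual'
        run: ./mvnw -B -DskipTests package   # assumed build command

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          # One category per language so the SARIF uploads do not replace each other.
          category: "/language:${{ matrix.language }}"

  third-party:
    name: Third-party analysis (SARIF upload)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Any scanner that emits SARIF works here; the script is a placeholder.
      - name: Run scanner
        run: ./scripts/run-scanner.sh --output results.sarif

      - name: Upload results to code scanning
        if: always()              # upload even if the scanner exits non-zero on findings
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
          category: third-party-scanner
```

The `pull_request` trigger is what surfaces findings as checks on a pull request before merge; the `push` and `schedule` triggers keep the default branch's alert list current. When the build runs in a CI system other than GitHub Actions, the same result is obtained by running the CodeQL CLI there (`codeql database create`, `codeql database analyze`, then `codeql github upload-results`) instead of the `init`/`analyze` actions.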
- Module 7: Understand where GitHub Advanced Security fits in your software development lifecycle and how to enable and roll it out in your organization.
By the end of this module, you'll be able to:
- Understand what GitHub Advanced Security is and how to use it in the software development lifecycle.
- Identify which GitHub Advanced Security features are available for open-source projects and which are available on enterprise products.
- Enable the different features of GitHub Advanced Security on different enterprise products.
- Determine who should get access to GitHub Advanced Security features in an organization and grant the correct permissions.
- Set security policies at the organization and repository levels.
- Understand how to respond to a security alert.
- Use the Security Overview to monitor security alerts.
- Use the GitHub Advanced Security API endpoints to manage the GitHub Advanced Security features and alerts.
- Module 8: Familiarize yourself with GitHub's basic security tools, which prepare repositories for secure development and industry-standard response to threats.
In this module, you'll learn how to:
- Create documentation that details security guidelines and useful information for collaborators.
- Set permissions and other rules.
- Automate processes that prevent security breaches.
- Respond to security breaches.
Syllabus
- Module 1: Introduction to GitHub Advanced Security
- Introduction
- Define GHAS and the importance of its integral features
- How to utilize GHAS to get the most impact
- Understand GHAS and its role in the security ecosystem
- Knowledge check
- Summary
- Module 2: Configure Dependabot security updates on your GitHub repo
- Introduction
- Manage your dependencies on GitHub
- Dependabot alerts
- Dependabot security updates
- Manage Dependabot notifications and reports
- Dependency review
- Exercise - Configure Dependabot security updates
- Knowledge check
- Summary
- Module 3: Configure and use secret scanning in your GitHub repository
- Introduction
- What is secret scanning?
- Configure secret scanning
- Use secret scanning
- Exercise
- Knowledge check
- Summary
- Module 4: Configure code scanning on GitHub
- Introduction
- What is code scanning?
- Enable code scanning with third-party tools
- Configure code scanning
- Configure code scanning exercise
- Knowledge check
- Summary
- Module 5: Identify security vulnerabilities in your codebase by using CodeQL
- Introduction
- Prepare a database for CodeQL
- Run CodeQL in a database
- Understand CodeQL results
- Troubleshoot CodeQL results
- Knowledge check
- Summary
- Module 6: Code scanning with GitHub CodeQL
- Introduction
- What is CodeQL?
- How does CodeQL analyze code?
- What is QL?
- Code scanning and CodeQL
- Customize your code scanning workflow with CodeQL - Part 1
- Exercise - Reference a CodeQL query
- Customize your code scanning workflow with CodeQL - Part 2
- Use the CodeQL CLI
- Customize languages and builds for code scanning
- Exercise - Configure a CodeQL language matrix
- Knowledge check
- Summary
- Module 7: GitHub administration for GitHub Advanced Security
- Introduction
- What is GitHub Advanced Security?
- Enable GitHub Advanced Security
- Manage access to GitHub Advanced Security
- Manage the GitHub Advanced Security features and alerts
- Knowledge check
- Summary
- Module 8: Manage sensitive data and security policies within GitHub
- Introduction
- Setting security policies
- Create and manage repository rulesets
- Reporting and logging
- Exercise
- Knowledge check
- Summary