
GitHub Advanced Security - Developer Training

Overview

GitHub Advanced Security allows you to have a “developer-first” approach to Application Security, recognizing that developers have a critical role to play in securing your applications. This training will enable developers in your organization to both understand and effectively use the features of Advanced Security.

Offering level

Fundamentals [100]

Target Audience

  • Developers
  • Product Security teams
  • DevSecOps teams

Key features and benefits

  • Understand the features available in GitHub Advanced Security
  • Hands-on experience enabling GitHub Advanced Security features
  • Reduce developer friction by increasing awareness of GitHub Advanced Security features

Engagement Schedule

This engagement will consist of one session of 2 hours face-to-face time. Maximum session size is typically 20 people.

Syllabus

  • What is GitHub Advanced Security (GHAS)
    • Features of GHAS
    • The benefits of using GHAS
  • Securing Dependencies
    • Dependency Review
    • Dependabot & Dependency Graph
  • Secret Scanning
    • Using Secret Scanning
    • Create custom secrets
  • Code Scanning
    • Using Code Scanning
    • Using 3rd Party Tools with SARIF
  • CodeQL
    • What is CodeQL
    • How to Interact with CodeQL
    • Setting Up CodeQL GitHub Actions
  • GHAS in the Developer flow

Learning outcomes/business outcomes

After completing this workshop, participants will be able to:

  • Understand the key components of GitHub Advanced Security (Code Scanning, Secret Scanning and Dependabot)
  • Enable Secret Scanning and understand how to triage and remediate results
  • Enable Dependabot and understand how to triage and remediate results
  • Enable CodeQL analysis within GitHub Actions to perform static analysis for commonly used languages
  • Configure GitHub Actions to trigger CodeQL analysis both on a schedule and in response to a Pull Request
  • Interact effectively with the Code Scanning user interface to understand, triage and remediate reported vulnerabilities
  • Understand how to configure CodeQL to improve the quality of results
  • Understand how to integrate common third-party tools into Code Scanning via GitHub Actions

Prerequisites

  • It is recommended that the developers have access to GHAS licenses before attending the developer training session.
