Course overview
About this course
This course offers an in-depth exploration of GitHub's security features, including secret scanning, code scanning with CodeQL, and dependency management. Participants will learn to configure and utilize these tools to enhance their software development security posture. The course also covers administrative aspects, such as setting security policies and managing sensitive data within GitHub.
Audience profile
- DevOps Engineer
Course details
GitHub Advanced Security Part 1 of 2
Module 1: Introduction to GitHub Advanced Security
• Define GHAS and the importance of the integral features such as Secret scanning, Code scanning, and Dependabot
• Know how to utilize GHAS to maximize security impact
• Understand GHAS and its role in the security ecosystem
Module 2: Configure Dependabot security updates on your GitHub repo
• Describe the available tools for managing vulnerable dependencies on GitHub.
• Enable and configure Dependabot alerts.
• Identify the permissions and roles required to view and enable Dependabot alerts.
• Enable and configure Dependabot security updates.
• Identify, review, and address vulnerable dependencies.
• Explain how to use GraphQL API to retrieve vulnerability information.
• Explain how to configure notifications for vulnerable dependencies.
• Lab: Configure Dependabot security updates
Module 3: Configure and use secret scanning in your GitHub repository
• Describe secret scanning.
• Configure secret scanning.
• Use secret scanning.
Module 4: Configure code scanning on GitHub
• Describe code scanning.
• List the steps for enabling code scanning in a repository.
• List the steps for enabling code scanning with third-party analysis.
• Contrast how to implement CodeQL analysis in a GitHub Actions workflow versus a third-party continuous integration (CI) tool.
• Explain how to configure code scanning on a repository using triggering events.
• Contrast the frequency of code scanning workflows (scheduled vs triggered by events).
GitHub Advanced Security Part 2 of 2
Module 1: Identify security vulnerabilities in your codebase by using CodeQL
• Create a database by using CodeQL to extract a single relational representation of each source file in the codebase.
• Run CodeQL in a database to find problems in your source code and find potential security vulnerabilities.
• Understand CodeQL scan results by using GitHub-created queries or your own custom queries.
Module 2: Code scanning with GitHub CodeQL
• Understand CodeQL and how it analyzes code.
• Understand QL, a unique logic programming language.
• Set up CodeQL-based code scanning in a GitHub repository.
• Reference a custom CodeQL query.
• Configure the language matrix in a CodeQL workflow.
• Learn how to use the CodeQL CLI to generate code scanning results and upload them to GitHub.
• Implement custom build steps.
• Lab: Reference a CodeQL query
• Lab: Configure a CodeQL language matrix
Module 3: GitHub administration for GitHub Advanced Security
• Understand what GitHub Advanced Security is and how to use it in the software development lifecycle.
• Identify which GitHub Advanced Security features are available for open-source projects and which are available on enterprise products.
• Enable the different features of GitHub Advanced Security on different enterprise products.
• Determine who should get access to GitHub Advanced Security features in an organization and grant the correct permissions.
• Set security policies at the organization and repository levels.
• Understand how to respond to a security alert.
• Use the Security Overview to monitor security alerts.
• Use the GitHub Advanced Security API endpoints to manage the GitHub Advanced Security features and alerts.
Module 4: Manage sensitive data and security policies within GitHub
• Create documentation that details security guidelines and useful information for collaborators.
• Set permissions and other rules.
• Automate processes that prevent security breaches.
• Respond to security breaches.
Prerequisites
N/A
Course: GH-500T00: GitHub Advanced Security