From 4202457e12c271c02cd49cfef8c123785b44ba60 Mon Sep 17 00:00:00 2001 From: Dan Shanahan Date: Thu, 15 Jun 2023 15:07:27 -0700 Subject: [PATCH 1/3] Update README.md --- README.md | 45 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 44 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 5e759fc..2363192 100644 --- a/README.md +++ b/README.md 
@@ -1,2 +1,45 @@ # Advanced Security Material -A place for resources to help you understand and use GitHub Advanced Security +A place for resources to help you understand and use GitHub Advanced Security (GHAS). Browse the directories in this repository for resources and documentation. To help you get started with GHAS, we've provided some introductory documentation in this file. + +## Get started +The following list of links are great resources to get you started on learning how to use, deploy, and manage GitHub Advanced Security in your environment. + +New to GitHub Advanced Security? Start with [GitHub security features](https://docs.github.com/en/enterprise-cloud@latest/code-security/getting-started/github-security-features) :+1: + +## Code Scanning +- [About GitHub Code Scanning](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning) +- [Configuring Code Scanning](https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning) +- [Integrating other tools with GHAS](https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning) + +## CodeQL +- [Meet CodeQL](https://codeql.github.com/) +- [CodeQL Documentation](https://codeql.github.com/docs/) +- [CWE Query Mapping Documentation](https://codeql.github.com/codeql-query-help/codeql-cwe-coverage) +- [Running additional queries](https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#running-additional-queries) +- [CodeQL CLI Docs](https://codeql.github.com/docs/codeql-cli/getting-started-with-the-codeql-cli) +- [Running CodeQL in your CI System](https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/running-codeql-code-scanning-in-your-ci-system) + +## Secret Scanning +- [About Secret 
Scanning](https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning) +- [Supported secret patterns](https://docs.github.com/en/code-security/secret-scanning/secret-scanning-patterns#supported-secrets-for-partner-patterns) +- [Defining custom secret patterns](https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning) + +## Supply Chain Security (Dependabot) +- [About](https://docs.github.com/en/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security) +- [Dependency Graph](https://docs.github.com/en/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph) +- [Dependabot Alerts](https://docs.github.com/en/enterprise-cloud@latest/code-security/dependabot/dependabot-alerts/about-dependabot-alerts) +- [Dependabot Security Updates](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates) +- [GitHub Advisory Database](https://github.com/advisories) + +## Security Overview +- [About Security Overview](https://docs.github.com/en/code-security/security-overview/about-the-security-overview) +- [Managing alerts in your repository](https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository) + +## Other Resources +- [SARIF Tutorials](https://github.com/microsoft/sarif-tutorials) +- [GitHub Advanced Security Learning Path](https://docs.microsoft.com/en-us/users/githubtraining/collections/rqymc6yw8q5rey) +- [Scaling GHAS in Your Organization](https://resources.github.com/downloads/Whitepaper-Scaling-GHAS-in-an-Enterprise.pdf) +- [The Complete Guide to Developer-first Security](https://resources.github.com/downloads/GitHubAdvanced%20SecurityEbook.pdf) +- 
[GitHub Checkout - Code Scanning (video)](https://www.youtube.com/watch?v=z0wvGf3O69E) +- [GitHub Checkout - Secret Scanning (video)](https://www.youtube.com/watch?v=aoL7pDrXt74) +- [GitHub Checkout - Viewing and Managing your Dependencies (video)](https://www.youtube.com/watch?v=gNd_TGdZ1xc) From 28190e9e50d0c4d17c5e98a6297791ead132a58a Mon Sep 17 00:00:00 2001 From: Dan Shanahan Date: Thu, 15 Jun 2023 15:07:50 -0700 Subject: [PATCH 2/3] Update README.md --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 2363192..ce61d4a 100644 --- a/README.md +++ b/README.md @@ -6,12 +6,12 @@ The following list of links are great resources to get you started on learning h New to GitHub Advanced Security? Start with [GitHub security features](https://docs.github.com/en/enterprise-cloud@latest/code-security/getting-started/github-security-features) :+1: -## Code Scanning +### Code Scanning - [About GitHub Code Scanning](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning) - [Configuring Code Scanning](https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning) - [Integrating other tools with GHAS](https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning) -## CodeQL +### CodeQL - [Meet CodeQL](https://codeql.github.com/) - [CodeQL Documentation](https://codeql.github.com/docs/) - [CWE Query Mapping Documentation](https://codeql.github.com/codeql-query-help/codeql-cwe-coverage) 
@@ -19,23 +19,23 @@ New to GitHub Advanced Security? Start with [GitHub security features](https:// - [CodeQL CLI Docs](https://codeql.github.com/docs/codeql-cli/getting-started-with-the-codeql-cli) - [Running CodeQL in your CI System](https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/running-codeql-code-scanning-in-your-ci-system) -## Secret Scanning +### Secret Scanning - [About Secret Scanning](https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning) - [Supported secret patterns](https://docs.github.com/en/code-security/secret-scanning/secret-scanning-patterns#supported-secrets-for-partner-patterns) - [Defining custom secret patterns](https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning) -## Supply Chain Security (Dependabot) +### Supply Chain Security (Dependabot) - [About](https://docs.github.com/en/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security) - [Dependency Graph](https://docs.github.com/en/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph) - [Dependabot Alerts](https://docs.github.com/en/enterprise-cloud@latest/code-security/dependabot/dependabot-alerts/about-dependabot-alerts) - [Dependabot Security Updates](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates) - [GitHub Advisory Database](https://github.com/advisories) -## Security Overview +### Security Overview - [About Security Overview](https://docs.github.com/en/code-security/security-overview/about-the-security-overview) - [Managing alerts in your 
repository](https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository) -## Other Resources +### Other Resources - [SARIF Tutorials](https://github.com/microsoft/sarif-tutorials) - [GitHub Advanced Security Learning Path](https://docs.microsoft.com/en-us/users/githubtraining/collections/rqymc6yw8q5rey) - [Scaling GHAS in Your Organization](https://resources.github.com/downloads/Whitepaper-Scaling-GHAS-in-an-Enterprise.pdf) From 258444c29b239819455f0efdb6315d7cc1d86b55 Mon Sep 17 00:00:00 2001 From: Dan Shanahan Date: Thu, 15 Jun 2023 15:08:20 -0700 Subject: [PATCH 3/3] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ce61d4a..3828786 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # Advanced Security Material A place for resources to help you understand and use GitHub Advanced Security (GHAS). Browse the directories in this repository for resources and documentation. To help you get started with GHAS, we've provided some introductory documentation in this file. -## Get started +## Get started with GitHub Advanced Security The following list of links are great resources to get you started on learning how to use, deploy, and manage GitHub Advanced Security in your environment. New to GitHub Advanced Security? Start with [GitHub security features](https://docs.github.com/en/enterprise-cloud@latest/code-security/getting-started/github-security-features) :+1:
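Review bot: In PATCH 1/3, the CodeQL entries "Running additional queries" and "Running CodeQL in your CI System" link to `docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/...`, while every other docs.github.com link in the hunk sits under the `code-security/` tree. Point these two at the matching `code-security/code-scanning/` pages so the list does not depend on the older path continuing to resolve. In the same hunk, "Supported secret patterns" carries the fragment `#supported-secrets-for-partner-patterns`, which by its name scopes the link to partner patterns only; drop the fragment or rename the entry. The Supply Chain entry is labelled just "About", unlike "About Secret Scanning" and "About Security Overview"; "Managing alerts in your repository" is filed under Security Overview but its URL is the code scanning alert page; and "The following list of links are" should read "The following links are".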
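Review bot: In PATCH 2/3, all six section headings drop from `##` to `###` while `## Get started` stays at level two, so `### Other Resources` (SARIF tutorials, whitepapers, videos) now nests under the getting-started heading alongside the product sections. If that material is meant to stand apart from the per-feature lists, keep `## Other Resources` at level two. The subject "Update README.md" has no body and is identical across all three patches; a subject that names the heading-level change would make the history readable.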
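Review bot: In PATCH 3/3, the only change is renaming `## Get started`, a heading that PATCH 1/3 introduced in this same series less than a minute earlier by the commit timestamps. Fold this rename (and the heading demotion in PATCH 2/3) into PATCH 1/3 so the README lands in its final form in one commit, rather than three commits that each carry the subject "Update README.md".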