Skip to content

GitHub Advanced Security - Developer Training

Overview

GitHub Advanced Security allows you to have a “developer-first” approach to Application Security, recognizing that developers have a critical role to play in securing your applications. This training will enable developers in your organization to both understand and effectively use the features of Advanced Security.

Offering level

Fundamentals [100]

Target Audience

  • Developers
  • Product Security teams
  • DevSecOps teams

Key features and benefits

  • Understand the features available in GitHub Advanced Security
  • Hands-on experience enabling GitHub Advanced Security features
  • Reduce developer friction by increasing awareness of GitHub Advanced Security features.

Engagement Schedule

This engagement will consist of one session of 2 hours face-to-face time. Maximum session size is typically 20 people.

Syllabus

  • What is GitHub Advanced Security (GHAS)
    • Features of GHAS
    • The benefits of using GHAS
  • Securing Dependencies
    • Dependency Review
    • Dependabot & Dependency Graph
  • Secret Scanning
    • Using Secret Scanning
    • Create custom secrets
  • Code Scanning
    • Using CodeScanning
    • Using 3rd Party Tools with SARIF
  • CodeQL
    • What is CodeQL
    • How to Interact with CodeQL
    • Setting Up CodeQL GitHub Actions
  • GHAS in the Developer flow

Learning outcomes/business outcomes

After completing this workshop participants will be able to:

  • Understand the key components of GitHub Advanced Security (Code Scanning, Secret Scanning and Dependabot).
  • Enable Secret Scanning and understand how to triage and remediate results
  • Enable Dependabot and understand how to triage and remediate results
  • Enable CodeQL analysis within GitHub Actions to perform static analysis for commonly used languages.
  • Configure GitHub Actions to trigger CodeQL analysis on both a schedule and in response to a Pull Request
  • Interact effectively with the Code Scanning user interface to understand, triage and remediate reported vulnerabilities.
  • Understand how to configure CodeQL to improve the quality of results.
  • Understand how to integrate common third party tools into Code Scanning via GitHub Actions.

Prerequisites

  • It is recommended that the developers have access to GHAS licenses before attending the developer training session.

How can we help?

Let's build a customized solution that meets all of your needs.

This field is required.
Please enter a valid work email address.
This field is required.
This field is required.
For support questions, head to
github.com/contact