GitHub Advanced Security Developer Training
Overview
GitHub Advanced Security allows you to have a “developer-first” approach to Application Security, recognizing that developers have a critical role to play in securing your applications. This training will enable developers in your organization to both understand and effectively use the features of Advanced Security.
Offering level
Fundamentals
Target Audience
- Developers
- Product Security teams
- DevSecOps teams
Key features and benefits
- Understand the features available in GitHub Advanced Security
- Hands-on experience enabling GitHub Advanced Security features
- Reduce developer friction by increasing awareness of GitHub Advanced Security features.
Engagement Schedule
This engagement will consist of one session of 2 hours face-to-face time. Maximum session size is typically 20 people.
Syllabus
- What is GitHub Advanced Security (GHAS)
- Features of GHAS
- The benefits of using GHAS
- Securing Dependencies
- Dependency Review
- Dependabot & Dependency Graph
- Secret Scanning
- Using Secret Scanning
- Create custom secrets
- Code Scanning
- Using CodeScanning
- Using 3rd Party Tools with SARIF
- CodeQL
- What is CodeQL
- How to Interact with CodeQL
- Setting Up CodeQL GitHub Actions
- GHAS in the Developer flow
Learning outcomes/business outcomes
After completing this workshop participants will be able to:
- Understand the key components of GitHub Advanced Security (Code Scanning, Secret Scanning and Dependabot).
- Enable Secret Scanning and understand how to triage and remediate results
- Enable Dependabot and understand how to triage and remediate results
- Enable CodeQL analysis within GitHub Actions to perform static analysis for commonly used languages.
- Configure GitHub Actions to trigger CodeQL analysis on both a schedule and in response to a Pull Request
- Interact effectively with the Code Scanning user interface to understand, triage and remediate reported vulnerabilities.
- Understand how to configure CodeQL to improve the quality of results.
- Understand how to integrate common third party tools into Code Scanning via GitHub Actions.
Prerequisites
- It is recommended that the developers have access to GHAS licenses before attending the developer training session.
Interested?
Interested in learning more about our services? Feel free to reach out to us on our Discord server! Whether you have questions, need clarification, or simply want to connect with our crew, we're here to assist you every step of the way. Join our Discord community and let's start the conversation today!