GitHub Advanced Security (GHAS) plays a crucial role in enhancing the security posture of software development projects on GitHub. It provides a comprehensive set of tools and features designed to identify and address security vulnerabilities throughout the development lifecycle. By integrating security directly into the development process with GHAS, your team can build more secure and reliable software. The course will explore how to utilize GHAS to maximize security impact and understand GHAS and its role in the security ecosystem.
Course Content
Learning Path 1: GitHub Advanced Security
Learn how to secure your code with advanced security features at every stage of your development lifecycle. GitHub Advanced Security is an add-on to GitHub Enterprise that allows you to use security features, such as secret scanning, code scanning, and dependency management on your private repositories.
In this learning path, you’ll:
- Gain an understanding of GitHub Advanced Security features
- Obtain the skills to recognize, apply, and evaluate these features within your own GitHub environment
Module 1: Introduction to GitHub Advanced Security
This module will help you become familiar with GitHub’s Advanced Security features (GHAS) and best practices. As you learn about these features, you’ll identify critical areas for eliminating security gaps.
Module 2: Configure Dependabot security updates on your GitHub repo
Manage your dependencies with GitHub Dependabot.
Module 3: Configure and use secret scanning in your GitHub repository
Understand how secret scanning works to configure and use it efficiently.
Module 4: Configure code scanning on GitHub
This module introduces you to code scanning and its features. You’ll learn how to implement code scanning using CodeQL, third-party tools, and GitHub Actions.
Learning Path 2: GitHub Advanced Security
Module 1: Identify security vulnerabilities in your codebase by using CodeQL
In this module, you learn about CodeQL and how you can use it to analyze the code in your GitHub repository and identify security vulnerabilities.
Module 2: Code scanning with GitHub CodeQL
Learn how to use CodeQL, a powerful static analysis tool, to implement code scanning on GitHub.
Module 3: GitHub administration for GitHub Advanced Security
Understand where GitHub Advanced Security fits in your software development lifecycle and how to enable and roll it out in your organization.
Module 4: Manage sensitive data and security policies within GitHub
Familiarize yourself with GitHub’s basic security tools, which prepare repositories for secure development and industry-standard response to threats.
This course is intended for students who want to understand and implement advanced security practices with the help of GitHub Advanced Security (GHAS). They will learn how to significantly enhance software development processes and create a more resilient and secure development ecosystem, using developer-first solutions to keep code, supply chain, and secrets secure before pushing to production. They will also learn how GHAS gives security teams visibility into the cross-organizational security posture and supply chain, and unparalleled access to curated security intelligence from millions of developers and security researchers around the world.
Upon completion, participants receive a Microsoft Certification recognizing their ability to apply GitHub Advanced Security to enhance the security of software projects and development processes.