GitHub Advanced Security

• Security professionals responsible for implementing and managing security measures within their organization

• Developers looking to deepen their knowledge of advanced security features in GitHub

• IT specialists who want to effectively use GitHub Advanced Security to enhance codebase and development workflow security

• Comprehensive security knowledge – You’ll gain deep understanding of GitHub Advanced Security features and their practical implementation

• Enhanced vulnerability detection – You’ll learn how to effectively use secret scanning, code scanning and Dependabot to identify security issues early

• Practical security implementation – Through hands-on exercises you’ll gain experience in configuring and managing security features

• Real-world application – You’ll learn best practices and workflows that can be immediately applied to improve your organization’s security posture

1. Introduction to GitHub Advanced Security

   • Introduction

   • Define GHAS and the importance of its integral features

   • How to utilize GHAS to get the most impact

   • Understand GHAS and its role in the security ecosystem

2. Configure Dependabot security updates on your GitHub repo

   • Introduction

   • Manage your dependencies on GitHub

   • Dependabot alerts

   • Dependabot security updates

   • Manage Dependabot notifications and reports

   • Dependency review

   • Exercise – Configure Dependabot security updates

3. Configure and use secret scanning in your GitHub repository

   • Introduction

   • What is secret scanning?

   • Configure secret scanning

   • Use secret scanning

   • Exercise – Introduction to secret scanning

4. Configure code scanning on GitHub

   • Introduction

   • What is code scanning?

   • Enable code scanning with third party tools

   • Configure code scanning

   • Exercise – Configure code scanning

5. Identify security vulnerabilities in your codebase by using CodeQL

   • Introduction

   • Prepare a database for CodeQL

   • Run CodeQL in a database

   • Understand CodeQL results

   • Troubleshoot CodeQL results

6. Code scanning with GitHub CodeQL

   • Introduction

   • What is CodeQL?

   • How does CodeQL analyze code?

   • What is QL?

   • Code scanning and CodeQL

   • Customize your code scanning workflow with CodeQL – Part 1

   • Exercise – Reference a CodeQL query

   • Customize your code scanning workflow with CodeQL – Part 2

   • Use the CodeQL CLI

   • Customize languages and builds for code scanning

   • Exercise – Configure a CodeQL language matrix

7. GitHub administration for GitHub Advanced Security

   • Introduction

   • What is GitHub Advanced Security?

   • Enable GitHub Advanced Security

   • Manage access to GitHub Advanced Security

   • Manage the GitHub Advanced Security features and alerts

8. Manage sensitive data and security policies within GitHub

   • Introduction

   • Setting security policies

   • Create and manage repository rulesets

   • Reporting and logging

   • Exercise – Removing a commit from the git history

• Experience in using and administering GitHub repositories

• Experience working with Microsoft Azure services

• Technical skills in code scanning, dependency management, and secret scanning

• Familiarity with tools like CodeQL and Dependabot

• Intermediate knowledge of Git and GitHub functions and features

•  manual in electronic form available on the platform: https://learn.microsoft.com/pl-pl/training/

• access to Altkom Akademia's student portal

Training method:

• Lecture (70%)
• Exercises (30%)

• Training: English

• Materials: English

On-line exam. Record at https://home.pearsonvue.com/Clients/Microsoft.aspx

GitHub Advanced Security

Exam URL:https://learn.microsoft.com/en-us/credentials/certifications/github-advanced-security/?practice-assessment-type=certification