GH-500: Security in GitHub

GitHub
Level : Intermediate
Useful information
Duration : 1 Day (7 Hours)
Remote price : 800 € excl tax/pers
Targeted audience
  • Developers, Administrators, DevOps Engineers.
Next dates
Remote
Intra-company
On demand

Training Overview

This course will explore how to use GitHub Advanced Security (GHAS) to maximise security impact and understand GHAS and its role in the security ecosystem.
GHAS plays a crucial role in improving the security of software development projects on GitHub. It provides a comprehensive set of tools and features designed to identify and address security vulnerabilities throughout the development lifecycle. By integrating security directly into the development process with GHAS, your team can build more secure and reliable software.

Training objectives

On completion of this course, participants will be able to:

  • Explore the features of GitHub Advanced Security
  • Configure Dependabot security updates on a GitHub repository to proactively detect, track and fix dependency vulnerabilities.

Prerequisites

To follow this course, you must have taken the ‘GH-900: GitHub Fundamentals’ course or have an equivalent level.

Training Program

Discover GitHub Advanced Security

  • Define GHAS and the importance of key features such as secret scanning, code scanning, and Dependabot
  • Use GHAS to maximize security impact.
  • Understand GHAS and its role within the security ecosystem.

Configure Dependabot Security Updates on Your GitHub Repository

  • Describe the tools available for managing vulnerable dependencies on GitHub.
  • Enable and configure Dependabot alerts.
  • Identify the permissions and roles required to view and activate Dependabot alerts.
  • Enable and configure Dependabot security updates.
  • Identify, review, and remediate vulnerable dependencies.
  • Use the GraphQL API to retrieve vulnerability information.
  • Configure notifications for vulnerable dependencies.

Configure and Use Secret Scanning in Your GitHub Repository

  • Describe secret scanning.
  • Configure secret scanning.
  • Use secret scanning.

Configure Code Scanning on GitHub

  • Describe code scanning.
  • List the steps to enable code scanning in a repository.
  • List the steps to enable code scanning with a third-party tool.
  • Compare the implementation of CodeQL scanning in a GitHub Actions workflow versus a third-party CI tool.
  • Configure code scanning in a repository using trigger events.
  • Compare code scanning workflow frequencies (scheduled vs. event-triggered).

Identify Security Vulnerabilities in Your Codebase Using CodeQL

  • Create a database using CodeQL to extract a single relational representation of each source file in the codebase.
  • Run CodeQL on a database to identify issues in your source code and detect potential security flaws.
  • Understand the results of CodeQL analysis using GitHub-provided queries or your own custom queries.

Analyze Code with GitHub CodeQL

  • Understand CodeQL and how it analyzes code.
  • Understand QL, a unique logical programming language.
  • Set up CodeQL-based code scanning in a GitHub repository.
  • Reference a custom CodeQL query.
  • Configure the language matrix in a CodeQL workflow.
  • Use the CodeQL CLI to generate code analysis results and upload them to GitHub.
  • Implement custom build steps.

Administer GitHub for GitHub Advanced Security

  • Understand how GitHub Advanced Security works and how to use it within the software development lifecycle.
  • Identify the GitHub Advanced Security features available for open source projects and enterprise products.
  • Enable various GitHub Advanced Security features across different enterprise products.
  • Determine who should have access to GitHub Advanced Security features within an organization and assign appropriate permissions.
  • Define security policies at the organization and repository levels.
  • Respond to a security alert.
  • Use the security overview to monitor security alerts.
  • Use GitHub Advanced Security API endpoints to manage GHAS features and alerts.

Manage Sensitive Data and Security Policies in GitHub

  • Create documentation outlining security recommendations and useful information for collaborators.
  • Define permissions and other rules.
  • Automate processes to prevent security breaches.
  • Respond to security breaches.

Published on 04/24/2025
Teaching methods and procedures
Methods: In this course, we combine theory with technical workshops or demonstrations to get you up and running quickly. In addition, each participant receives official Microsoft electronic course material.
One of our training consultants, accredited as a Microsoft Certified Trainer, leads the course. With their solid experience in the field, they make learning both interactive and rewarding.
For assessment purposes, the trainer asks regular questions and uses a variety of methods to measure your learning on an ongoing basis. This approach makes for a dynamic and captivating learning experience.
After the course, we ask you to fill in a satisfaction questionnaire. Your feedback helps us to maintain and constantly improve the quality of our training courses. What’s more, to ensure rigorous follow-up, each participant signs a sign-in sheet for each half-day of attendance.
Finally, we offer the flexibility of delivering this training both face-to-face and remotely, and it can be customised to meet your company’s specific needs on request.
Accessibility
You can register for one of our courses up to two working days before it starts, provided there are still places available and we have received your signed quotation.
What’s more, if you have specific needs related to a disability, don’t hesitate to ask; we are happy to adapt our services to suit the type of disability.