This bootcamp is designed to familiarize you with GitHub Advanced Security (GHAS) so that you can better understand how to use it in your own repositories.
To participate in the workshop you need a GitHub account and an invitation to the workshop organization ghas-bootcamp. If a repository has not been created for you automatically in the workshop organization, either click Use this template and create a repository under that organization, or create a new repository and push a copy of the ghas-bootcamp repository to an organization that has GHAS enabled:

```shell
git clone https://github.com/ghas-bootcamp/ghas-bootcamp.git
cd ghas-bootcamp
# Point origin at your own repository in an organization with GHAS enabled
git remote set-url origin git@github.com:{org-or-username}/{repo-name}.git
# Push every branch so the exercises have the full history to scan
git push -u origin --all
```
We will go over the following topics:
Day one
- Comprehensive overview of GHAS
- Securing your supply chain with dependency management
- Secret scanning
- Rolling out GHAS in your organization
- Q&A
Dependabot
- Enabling Dependabot alerts
- Reviewing the dependency graph
- Viewing and managing results
- Enabling Dependabot security updates
- Configuring Dependabot security updates
- Working with Dependency Review
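As an added illustration of the Dependabot configuration topics above (this file is not part of the ghas-bootcamp repository), here is a minimal `.github/dependabot.yml`. Dependabot alerts and security updates are enabled in the repository's security settings, not in this file; the file configures version updates. The npm ecosystem and the root directory are assumptions for a Node.js project:

```yaml
# Added example: .github/dependabot.yml (not from the bootcamp repository).
# Alerts and security updates are switched on in repository settings;
# this file only shapes Dependabot version updates.
version: 2
updates:
  - package-ecosystem: "npm"   # assumption: a Node.js project
    directory: "/"             # assumption: manifest at the repository root
    schedule:
      interval: "weekly"
    # Cap the number of open version-update PRs to limit noise.
    # Security updates are not counted against this limit.
    open-pull-requests-limit: 5
    # Raise PRs only for minor and patch bumps; major bumps are reviewed by hand.
    ignore:
      - dependency-name: "*"
        update-types: ["version-update:semver-major"]
```

Setting `open-pull-requests-limit: 0` disables version-update PRs entirely while still allowing security updates, which is a common choice for repositories that only want vulnerability fixes.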
Secret scanning
- Enabling secret scanning
- Viewing and managing results
- Excluding files from secret scanning
- Custom patterns for secret scanning
- Managing access to alerts
Day two
- Explore how code scanning works
- What is Security Overview?
- CodeQL Demo
- Final Q&A
Code scanning
- Enabling code scanning
- Reviewing any failed analysis jobs
- Using context and expressions to modify build
- Reviewing and managing results
- Triaging a result in a PR
- Customizing CodeQL configuration
- Adding your own code scanning suite to exclude rules
- Understanding how to add a custom query
- CodeQL demo
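As an added illustration of the "Customizing CodeQL configuration" and "Adding your own code scanning suite to exclude rules" topics (this file is not part of the ghas-bootcamp repository), here is a `.github/codeql/codeql-config.yml` that adds the security-extended query suite, skips test directories, and filters out one query by ID. The path glob and the excluded query ID are examples, not values taken from the workshop:

```yaml
# Added example: .github/codeql/codeql-config.yml (not from the bootcamp repository).
# Referenced from the workflow's github/codeql-action/init step via
#   with:
#     config-file: ./.github/codeql/codeql-config.yml
name: "Bootcamp CodeQL config"

# Run the default suite plus the lower-precision security-extended queries.
queries:
  - uses: security-extended

# Skip test code; findings there are rarely worth triaging. Example glob.
paths-ignore:
  - "**/test/**"

# Drop a single query by ID rather than editing the suite. Example ID.
query-filters:
  - exclude:
      id: js/unused-local-variable
```

Excluding a query through `query-filters` keeps the rest of the suite intact and is easier to review than maintaining a forked suite file; use `include` with `tags` instead when you want to restrict a run to a category such as security-relevant queries.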
Resources
- About code scanning
- About Dependabot Alerts
- About secret scanning
- Events that trigger workflows
- Configuring the CodeQL workflow for compiled languages
- Configuring code scanning
- Configuring notifications for Dependabot alerts
- Customizing dependency updates
- Configuration options for the dependabot.yml file
- Filter pattern cheat sheet
- Running additional queries
- Troubleshooting the CodeQL workflow
- Code scanning API
- Secret scanning API
- GraphQL API
- REST API