GitHub Advanced Security (GHAS) Security Team Training

GitHub

This training session supports those who are responsible for reviewing, monitoring and driving remediation of security results across an enterprise. It explores how access to security results can be granted, how enablement can be tracked, how results can be reviewed across entire enterprises and how the webhooks and APIs can be used to create custom workflows, integrations and reporting.

What Are You Looking For?

Team Learning

Our learning experts provide private training for teams. Start a conversation about your training needs by calling us at 929.777.8102 or filling out our team training form below.


Individual Learning

Join one of our upcoming public learning sessions. We offer both virtual sessions and in-person training at our industry-leading software conferences.


What You'll Learn

Understand how to enable access to view the key components of GitHub Advanced Security (Code Scanning, Secret Scanning and Dependabot).

Explore in-built reporting options (Security Overview per repository, per organization and per enterprise).

Discuss third-party options available for reporting (including Splunk).

 
 

Explore APIs to enable roll-your-own workflows, and review some of the examples we provide.

Understand the options available for reporting, monitoring and responding to Advanced Security alerts.

Understand how to use webhooks and APIs to implement common security integration and reporting workflows.

 


Who Should Attend?

  • Product Security teams
  • DevSecOps teams

Prerequisites

This engagement will consist of one session of 2 hours face-to-face time. Maximum session size is typically 15 people.

Course Outline
Review of Advanced Security features
 
Granting access to configure Advanced Security and view results
Permissions required to view results on repositories
Security manager role:
  • What permissions the security manager role grants.
  • How to set up teams, add members and make the team a security manager team.
Custom roles
  • Using custom roles with GitHub Advanced Security permissions to create custom
 
Reviewing alerts
Reviewing alerts on repository level
  • Code Scanning Alerts - security severity search, tag search (to view by CWE), resolution search, free text search
  • Secret Scanning Alerts - secret type, provider
  • Dependabot Alerts
Security Overview - reviewing results at an organization level
  • Using the Security Overview to answer common questions such as:
    • “How widely are the GHAS features deployed?”
    • “Which repositories currently have most risk?”
    • “Which repositories have more than 100 Code Scanning alerts?”
Code Scanning Alerts at an organization level
  • Limitations vs repo-level (no tag filtering)
  • Workarounds using free text search
Secret Scanning Alerts at an organization level
Dependabot Alerts at an organization level - CVE filtering using free text search
Dependabot Insights at an organization level
Enterprise Security Overview [Beta, GitHub.com only]
Splunk integration (demo the dashboard)
 
Monitoring and responding to Advanced Security alerts
Setting up webhooks - demo using ngrok
Using the APIs
Creating issues from alerts
Training Course Fee Includes
  • Easy course access: Attend training right from your computer and easily connect your audio via computer or phone. Easy and quick access fits today's working style and eliminates expensive travel and long days in the classroom.
  • Live, expert instruction: Instructors are sought-after practitioners, highly-experienced in the industry who deliver a professional learning experience in real-time.
  • Valuable course materials: Courses cover the same professional content as our classroom training, and students have direct access to valuable materials.
  • Rich virtual learning environment: A variety of tools are built in to the learning platform to engage learners through dynamic delivery and to facilitate a multi-directional flow of information.
  • Hands-on exercises: An essential component to any learning experience is applying what you have learned. Using the latest technology, your instructor can provide hands-on exercises, group activities, and breakout sessions.
  • Real-time communication: Communicate real-time directly with the instructor. Ask questions, provide comments, and participate in the class discussions.
  • Peer interaction: Networking with peers has always been a valuable part of any classroom training. Live Virtual training gives you the opportunity to interact with and learn from the other attendees during breakout sessions, course lecture, and Q&A.
  • Small class size: Live Virtual courses are limited to a small class size to ensure an opportunity for personal interaction.