1. Home
  2. GitHub Advanced Security (GHAS) Developer Training

GitHub Advanced Security (GHAS) Developer Training

GitHub

GitHub Advanced Security allows you to have a “developer-first” approach to Application Security, recognizing that developers have a critical role to play in securing your applications. This training will enable developers in your organization to both understand and effectively use the features of Advanced Security.

Team Learning

Our learning experts provide private training for teams. Start a conversation about your training needs by calling us at 929.777.8102 or filling out our team training form below.

Setup A Conversation

 

What You'll Learn

Understand the key components of GitHub Advanced Security (Code Scanning, Secret Scanning and Dependabot).

Enable Secret Scanning and understand how to triage and remediate results.

Enable Dependabot and understand how to triage and remediate results.

 

Enable CodeQL analysis within GitHub Actions to perform static analysis for commonly used languages.

Configure GitHub Actions to trigger CodeQL analysis on both a schedule and in response to a Pull Request.

Interact effectively with the Code Scanning user interface to understand, triage and remediate reported vulnerabilities.

 

Understand how to configure CodeQL to improve the quality of results.

 

Understand how to integrate common third party tools into Code Scanning via GitHub Actions.

 

 

 

 

Why Coveros?

 

Who Should Attend?

  • Developers
  • Product Security teams
  • DevSecOps teams

Prerequisites

This engagement will consist of one session of 2 hours face-to-face time. Maximum session size is typically 20 people.

Course Outline
What is GitHub Advanced Security (GHAS)
Features of GHAS
The benefits of using GHAS
 
Securing Dependencies
Dependency Review
Dependabot & Dependency Graph
 
Secret Scanning
Using Secret Scanning
Create custom secrets
Code Scanning
Using CodeScanning
Using 3rd Party Tools with SARIF
 
CodeQL
What is CodeQL
How to Interact with CodeQL
Setting Up CodeQL GitHub Actions
 
GHAS in the Developer Flow
Class Daily Schedule
 
 
Training Course Fee Includes
  • Easy course access: Attend training right from your computer and easily connect your audio via computer or phone. Easy and quick access fits todayís working style and eliminates expensive travel and long days in the classroom.
  • Live, expert instruction: Instructors are sought-after practitioners, highly-experienced in the industry who deliver a professional learning experience in real-time.
  • Valuable course materials: Courses cover the same professional content as our classroom training, and students have direct access to valuable materials.
  • Rich virtual learning environment: A variety of tools are built in to the learning platform to engage learners through dynamic delivery and to facilitate a multi-directional flow of information.
  • Hands-on exercises: An essential component to any learning experience is applying what you have learned. Using the latest technology, your instructor can provide hands-on exercises, group activities, and breakout sessions.
  • Real-time communication: Communicate real-time directly with the instructor. Ask questions, provide comments, and participate in the class discussions.
  • Peer interaction: Networking with peers has always been a valuable part of any classroom training. Live Virtual training gives you the opportunity to interact with and learn from the other attendees during breakout sessions, course lecture, and Q&A.
  • Small class size: Live Virtual courses are limited in small class size to ensure an opportunity for personal interaction.