1. Home
  2. GitHub Advanced Security (GHAS) Security Team Training

GitHub Advanced Security (GHAS) Security Team Training

GitHub

Specialized GitHub Advanced Security (GHAS) training for security teams.

Full Description and Outline

Upcoming Classes

= Guaranteed to Run
Dates
Mode
Location
Price
Call to Schedule
Anytime
On-Site / Private
Your Location
Your Location
Request a Quote
Contact Us
Select a learning mode button (Public, Live Virtual, etc.) for pricing, details, and a downloadable fact sheet.
Description

This training session supports those who are responsible for reviewing, monitoring and driving remediation of security results across an enterprise. It explores how access can be granted security results, how enablement can be tracked, how results can be reviewed across entire enterprises and how the webhooks and APIs can be used to create custom workflows, integrations and reporting.

What Are You Looking For?

Team Learning

Our learning experts provide private training for teams. Start a conversation about your training needs by calling us at 929.777.8102 or filling out our team training form below.

Setup A Conversation

Individual Learning

Join one of our upcoming public learning sessions. We offer both virtual sessions and in-person training at our industry-leading software conferences.

See Upcoming Sessions

 

What You'll Learn

Understand how to enable access to view the key components of GitHub Advanced Security (Code Scanning, Secret Scanning and Dependabot).

Explore in-built reporting options (Security Overview per repository, per organization and per enterprise).

Discuss third-party options available for reporting (including Splunk).

 
 

Explore APIs to enable roll-your-own workflows, and a review of some of the examples we provide.

Understand the options available for reporting, monitoring and responding to Advanced Security alerts.

Understand how to use webhooks and APIs to implement common security integration and reporting workflows.

 

Why Coveros?

 

  • Product Security teams
  • DevSecOps teams

This engagement will consist of one session of 2 hours face-to-face time. Maximum session size is typically 15 people.

Questions? 929.777.8102 [email protected]
Course Outline
Review of Advanced Security features
 
Granting access to configure Advanced Security and view results
Permissions required to view results on repositories
Security manager role:
  • What permissions the security manager role grants.
  • How to setup teams, add members and make the team a security manager team.
Custom roles
  • Using custom roles with GitHub Advanced Security permissions to create custom
 
Reviewing alerts
Reviewing alerts on repository level
  • Code Scanning Alerts - security severity search, tag search (to view by CWE), resolution search, free text search
  • Secret Scanning Alerts - secret type, provider
  • Dependabot Alerts
Security Overview - reviewing results at an organization level
  • Using the Security Overview to answer common questions such as:
    • “How widely are the GHAS features deployed?”
    • “Which repositories currently have most risk?"
    • “Which repositories have more 100 Code Scanning alerts?”
Code Scanning Alerts at an organization level
  • Limitations vs repo-level (no tag filtering)
  • Workarounds using free text search
Secret Scanning Alerts at an organization level
Dependabot Alerts at an organization level - CVE filtering using free text search
Dependabot Insights at an organization level
Enterprise Security Overview [Beta, GitHub.com only]
Splunk integration (demo the dashboard)
 
Monitoring and responding to Advanced Security alerts
Setting up webhooks - demo using ngrok
Using the APIs
Creating issues from alerts
Related Courses
GitHub for Developers

For developers, gain confidence with Git and GitHub with hands-on, practical training.Learn more

GitHub Advanced Security (GHAS) - Rollout and Deployment

Gain best practices for successfully rolling out GitHub Advanced Security (GHAS).Learn more

UX United - User Experience Certified Ambassador (UXU - UXCA)

If you want to become a true user experience ambassador, then you are in the right place. During this 3-day training you will learn everything you...Learn more

Bring this course to your team at your site. Contact us to learn more at 929.777.8102.

= Guaranteed to Run
Dates
Mode
Location
Price
Call to Schedule
Anytime
On-Site / Private
Your Location
Your Location
Request a Quote
Contact Us
Download Fact Sheet
Description

This training session supports those who are responsible for reviewing, monitoring and driving remediation of security results across an enterprise. It explores how access can be granted security results, how enablement can be tracked, how results can be reviewed across entire enterprises and how the webhooks and APIs can be used to create custom workflows, integrations and reporting.

What Are You Looking For?

Team Learning

Our learning experts provide private training for teams. Start a conversation about your training needs by calling us at 929.777.8102 or filling out our team training form below.

Setup A Conversation

Individual Learning

Join one of our upcoming public learning sessions. We offer both virtual sessions and in-person training at our industry-leading software conferences.

See Upcoming Sessions

 

What You'll Learn

Understand how to enable access to view the key components of GitHub Advanced Security (Code Scanning, Secret Scanning and Dependabot).

Explore in-built reporting options (Security Overview per repository, per organization and per enterprise).

Discuss third-party options available for reporting (including Splunk).

 
 

Explore APIs to enable roll-your-own workflows, and a review of some of the examples we provide.

Understand the options available for reporting, monitoring and responding to Advanced Security alerts.

Understand how to use webhooks and APIs to implement common security integration and reporting workflows.

 

Why Coveros?

 

Who Should Attend?

  • Product Security teams
  • DevSecOps teams

Prerequisites

This engagement will consist of one session of 2 hours face-to-face time. Maximum session size is typically 15 people.

Questions? 929.777.8102 [email protected]
Course Outline
Review of Advanced Security features
 
Granting access to configure Advanced Security and view results
Permissions required to view results on repositories
Security manager role:
  • What permissions the security manager role grants.
  • How to setup teams, add members and make the team a security manager team.
Custom roles
  • Using custom roles with GitHub Advanced Security permissions to create custom
 
Reviewing alerts
Reviewing alerts on repository level
  • Code Scanning Alerts - security severity search, tag search (to view by CWE), resolution search, free text search
  • Secret Scanning Alerts - secret type, provider
  • Dependabot Alerts
Security Overview - reviewing results at an organization level
  • Using the Security Overview to answer common questions such as:
    • “How widely are the GHAS features deployed?”
    • “Which repositories currently have most risk?"
    • “Which repositories have more 100 Code Scanning alerts?”
Code Scanning Alerts at an organization level
  • Limitations vs repo-level (no tag filtering)
  • Workarounds using free text search
Secret Scanning Alerts at an organization level
Dependabot Alerts at an organization level - CVE filtering using free text search
Dependabot Insights at an organization level
Enterprise Security Overview [Beta, GitHub.com only]
Splunk integration (demo the dashboard)
 
Monitoring and responding to Advanced Security alerts
Setting up webhooks - demo using ngrok
Using the APIs
Creating issues from alerts
Class Schedule
 
 
Class Fee Includes
  • Easy course access: Attend training right from your computer and easily connect your audio via computer or phone. Easy and quick access fits todayís working style and eliminates expensive travel and long days in the classroom.
  • Live, expert instruction: Instructors are sought-after practitioners, highly-experienced in the industry who deliver a professional learning experience in real-time.
  • Valuable course materials: Courses cover the same professional content as our classroom training, and students have direct access to valuable materials.
  • Rich virtual learning environment: A variety of tools are built in to the learning platform to engage learners through dynamic delivery and to facilitate a multi-directional flow of information.
  • Hands-on exercises: An essential component to any learning experience is applying what you have learned. Using the latest technology, your instructor can provide hands-on exercises, group activities, and breakout sessions.
  • Real-time communication: Communicate real-time directly with the instructor. Ask questions, provide comments, and participate in the class discussions.
  • Peer interaction: Networking with peers has always been a valuable part of any classroom training. Live Virtual training gives you the opportunity to interact with and learn from the other attendees during breakout sessions, course lecture, and Q&A.
  • Small class size: Live Virtual courses are limited in small class size to ensure an opportunity for personal interaction.

 

Instructors
Jonathan Kauffman

Jonathan Miller Kauffman

Jonathan Miller Kauffman works as an agile software development and test consultant at Coveros. In this role, Jonathan has helped both government and commercial organizations develop and test high-quality applications, and he has gained his experience by working with healthcare, biomedical device, and research organizations. Jonathan also presents at and...Learn More

Questions?

Get in Touch Ways To Save

On-Site/Private Training

Let us bring the learning to your team at your location or in an interactive virtual classroom!
Choose from more than 50 courses.

View all courses

Combine World-Class Training and

Certification with a Conference

Maximize Your Learning Potential

STAR Conference logo

AI Con USA logo

Agile + DevOps USA logo

Never Miss a Thing.

Sign up for our mailing list and stay up to date
on training opportunities.