This bootcamp is designed to help familiarize you with GitHub Advanced Security (GHAS) so that you can better understand how to use it in your own repositories.
To participate in the workshop you need a GitHub account and need to be invited to the workshop organization ghas-bootcamp. If your repository hasn't been automatically created in the workshop organization, either click Use this template and create a repository under this organization, or create a new repository and push a copy of the ghas-bootcamp repository to an organization with GHAS enabled.
```bash
# Clone the upstream bootcamp repository
git clone https://github.com/ghas-bootcamp/ghas-bootcamp.git
cd ghas-bootcamp
# Point origin at your own copy in an organization with GHAS enabled
git remote set-url origin git@github.com:{org-or-username}/{repo-name}.git
```
example: 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
We will go over the following topics:
Day one
- Comprehensive overview of GHAS
- Securing your supply chain with dependency management
- Secret scanning
- Rolling out GHAS in your organization
- Q&A
Dependabot: link
- Enabling Dependabot alerts
- Reviewing the dependency graph
- Viewing and managing results
- Enabling Dependabot security updates
- Configuring Dependabot security updates
- Working with Dependency Review
Secret scanning: link
- Enabling secret scanning
- Viewing and managing results
- Excluding files from secret scanning
- Custom patterns for secret scanning
- Managing access to alerts
Day two
- Explore how code scanning works
- What is Security Overview?
- CodeQL Demo
- Final Q&A
Code scanning: link
- Enabling code scanning
- Reviewing any failed analysis jobs
- Using context and expressions to modify build
- Reviewing and managing results
- Triaging a result in a PR
- Customizing CodeQL configuration
- Adding your own code scanning suite to exclude rules
- Understanding how to add a custom query
- CodeQL demo
- About code scanning
- About Dependabot Alerts
- About secret scanning
- Events that trigger workflows
- Configuring the CodeQL workflow for compiled languages
- Configuring code scanning
- Configuring notifications for Dependabot alerts
- Customizing dependency updates
- Configuration options for the dependabot.yml file
- Filter pattern cheat sheet
- Running additional queries
- Troubleshooting the CodeQL workflow
- Code scanning API
- Secret scanning API
- GraphQL API
- REST API