Learn what you need to know to pass the GitHub Advanced Security Certification.
Highlight your code security knowledge with the GitHub Advanced Security certification. Validate your expertise in vulnerability identification, workflow security, and robust security implementation-elevating software integrity standards.
⭐️ Course Contents ⭐️
GitHub Advanced Security Overview
00:00:00 Introduction
00:09:24 Git Overview
00:10:22 GitHub Overview
00:11:26 Git Terms
00:14:53 GitHub Repo Overview
00:15:46 Git Commit Overview
00:16:40 Git Branch Overview
00:17:52 Git Remote to Downstream or Upstream
00:18:28 Advanced Security Overview
00:19:08 GHAS Enabled Plans
00:21:02 GitHub Security
00:22:56 GHAS Use Cases
00:23:58 GHAS Components
00:25:03 Taking action on Alerts
00:26:38 How to enable GHAS
00:27:53 How to enable GHAS Automatically
00:29:14 Which GHAS do you have
00:30:13 GHAS Introduction Follow Along
Security Overview
00:41:27 What is a Security Vulnerability
00:42:41 Types of Security Vulnerabilities
00:43:54 0 Day Vulnerabilities
00:44:23 Most Common Vulnerabilities
00:44:51 Finding Vulnerabilities in GitHub
00:45:51 GitHub Advisory Database
Secret Scanning
00:46:56 Secret Scanning Overview
00:47:31 Secret Scanning Locations
00:47:58 Enabling Secret Scanning
00:48:09 Secret Scanning Partner Program
00:48:47 Partner Program Use Case
00:49:41 Starting a Scan
00:50:11 Scan Running Times
00:51:08 Secret Scanning Follow Along
00:53:45 Set Ignore Follow Along
00:57:05 Set Notifications Follow Along
Dependency Management
01:01:17 Open Source Popularity
01:01:42 Open Source Maintenance Problems
01:02:19 Dependency Graph for Open Source
01:02:36 Dependency Graph Examples
01:02:59 Dependabot Overview
01:03:19 Dependabot Use Case Example
01:04:27 Dependabot Features
01:05:10 Enabling Dependabot
01:05:40 Dependabot Licensing for Private Repos
01:05:58 Dependabot Private Repository Workflow
01:06:23 Triaging Dependabot Vulnerabilities
01:07:32 Dependabot Limitations
01:08:39 Dependabot Follow Along
Code Scanning
01:20:07 Code Scanning Overview
01:20:31 Supported Repositories
01:21:02 How Code Scanning Works
01:21:25 Starting a Scan
01:22:44 Code Scanning Setup Options
01:24:16 Where to Implement Scanning
01:25:17 Code Scanning Actions
01:25:35 Scanning Trigger Types
01:26:40 Code Scanning Follow Along
CodeQL
01:38:33 Enabling Code Scanning
01:39:00 Third Party SARIF Files Overview
01:39:39 Uploading Third Party SARIF Files
01:40:09 Third Party SARIF File Example
01:40:42 Default Code Scanning
01:41:36 Custom Code Scanning
01:41:58 Code Language Detection Scanning
01:42:34 CodeQL Database Analysis
01:43:15 CodeQL Query Analysis
01:44:10 Types of CodeQL Queries
01:44:52 CodeQL Queries DeepDive
01:45:42 Code Query Anatomy
01:47:29 Code Query Suite
01:47:52 Types of Code Query Suites
01:48:28 Code Query Findings
01:49:04 CodeQL Packs
01:50:08 Code Scanning Workflow
01:50:50 CodeQL Partner Integrations
01:51:25 Workflow Priority Order
01:51:55 Alerts Workflow
01:53:08 Alerts Security Incident Example
01:54:12 CodeQL Follow Along
GHAS Best Practices
02:17:40 Software Development Lifecycle SDLC
02:18:30 SDLC Restricting Access
02:19:11 SDLC Security Overview
02:19:54 SDLC Security Policies
02:20:28 SDLC Secret Scanning
02:21:10 SDLC Security Workflow
02:22:02 Types of Vulnerabilities
02:23:16 GitHub Advisory Database
02:24:03 Developer Roles and Responsibilities
02:25:09 Security Roles and Responsibilities
02:25:37 Admin Roles and Responsibilities
02:26:13 Additional Roles and Responsibilities
02:27:11 Notifying Responsible Parties
02:28:13 Triage Workflow based on Risk Ratings
GHAS for Enterprise
02:29:34 Should I purchase a GHAS License
02:30:08 Enabling GHAS in GitHub
02:30:49 Levels of Enablement
02:31:42 Levels of Access to Alerts
02:33:16 Required Level of Access
02:33:52 Security Overview
02:34:27 GHAS Logging
02:35:08 API Endpoints for Security
❤️ Support for this channel comes from our friends at Scrimba - the coding platform that's reinvented interactive learning: scrimba.com/freecodecamp