This bootcamp is designed to get you familiar with GitHub Advanced Security (GHAS) so that you can better understand how to use it in your own repositories.
To participate in the workshop you need a GitHub account and need to be invited to the workshop organization ghas-bootcamp. If your repository hasn't been automatically created in the workshop organization, either click Use this template and create a repository under this organization, or create a new repository and push a copy of the ghas-bootcamp repository.
git clone https://github.com/ghas-bootcamp/ghas-bootcamp.git
cd ghas-bootcamp
git remote set-url origin [email protected]:{org-or-username}/{repo-name}.gitWe will go over the following topics:
Day One
- Comprenhensive overview of GHAS
- Securing your supply chain with Dependency management
- Secret scanning
- Rolling out GHAS in your organization
- Q&A
- Enabling secret scanning
- Viewing and managing results
- Excluding files from secret scanning
- Custom patterns for secret scanning
- Managing access to alerts
- Enabling Dependabot alerts
- Reviewing the dependency graph
- Viewing and managing results
- Enabling Dependabot security updates
- Configuring Dependabot security updates
- Working with Dependency Review
Day Two
- Explore how code scanning works
- What is Security Overview?
- CodeQL Demo
- Final Q&A
- Enabling code scanning
- Reviewing any failed analysis job
- Using context and expressions to modify build
- Reviewing and managing results
- Triaging a result in a PR
- Customizing CodeQL Configuration
- Adding your own code scanning suite to exclude rules
- Understanding how to add a custom query
- CodeQL Demo
- About code scanning
- About dependency scanning
- About secret scanning
- Action events that trigger workflows
- Configuring builds for compiled languages
- Configuring code scanning
- Configuring notifications for dependabot alerts
- Customizing dependency updates
- Dependency update configuration options
- Filter pattern cheat sheet
- Running additional queries
- Troubleshooting code scanning workflow
- Code scanning API
- Secret scanning API
- GraphQL API
- REST API
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent