This bootcamp is designed to help familiarize you with GitHub Advanced Security (GHAS) so that you can better understand how to use it in your own repositories.
- You must have a GitHub account. If you don't have one, see "Creating an account on GitHub."
- Import the following repo into your personal GitHub account, choosing Public visibility for the purposes of this lab, or fork the repository https://github.com/CanarysPlayground/ghcap-github-ghas.git
We will go over the following topics:
Exercise 1: Dependabot: link
- Enabling Dependabot alerts
- Reviewing the dependency graph
- Viewing and managing results
- Enabling Dependabot security updates
- Configuring Dependabot security updates
- Working with Dependency Review
Exercise 2: Secret scanning: link
- Enabling secret scanning
- Viewing and managing results
- Excluding files from secret scanning
- Custom patterns for secret scanning
- Managing access to alerts
Exercise 3: Code scanning: link
- Enabling code scanning
- Reviewing any failed analysis jobs
- Using context and expressions to modify build
- Reviewing and managing results
- Triaging a result in a PR
Reference documentation for these topics:
- About code scanning
- About Dependabot Alerts
- About secret scanning
- Events that trigger workflows
- Configuring the CodeQL workflow for compiled languages
- Configuring code scanning
- Configuring notifications for Dependabot alerts
- Customizing dependency updates
- Configuration options for the dependabot.yml file
- Filter pattern cheat sheet
- Running additional queries
- Troubleshooting the CodeQL workflow
- Code scanning API
- Secret scanning API
- GraphQL API
- REST API