Add advanced security questions 7,8,9,10,11,12 (#96)
1 parent 95656fd, commit c7d8606
Showing 6 changed files with 81 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
--- | ||
archetype: "questions" | ||
title: "Question 007" | ||
question: "Which of these best describes secret scanning?" | ||
draft: false | ||
--- | ||
|
||
> https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning | ||
1. [x] Secret scanning will scan your GitHub repository for secrets such as private keys or tokens. | ||
1. [ ] Secret scanning is a tool for secure secret storage and management. | ||
1. [ ] Secret scanning is a git hook that will scan your commits for secrets such as private keys or tokens before they are pushed to GitHub. | ||
1. [ ] Secret scanning scans Your code for potential vulnerabilities that could expose secrets such as private keys or tokens. |
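Review bot: option 4 capitalizes "Your" mid-sentence ("scans Your code"); use lowercase "your" to match the other options in this file. The answer key itself is sound: option 1 (scanning performed by GitHub over the repository) versus option 3 (a client-side git hook that runs before the push) is the distinction the question is testing, so keep those two worded as distinctly as they are now.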
@@ -0,0 +1,16 @@ | ||
--- | ||
archetype: "questions" | ||
title: "Question 008" | ||
question: "Which parts of the repository are scanned by secret scanning? (Choose two.)" | ||
draft: false | ||
--- | ||
|
||
|
||
> https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning#about-secret-scanning | ||
- [x] Entire git history on all branches in the repository | ||
- [x] Titles, descriptions and comments in open and closed historical issues | ||
- [ ] GitHub Repository secrets | ||
> https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository | ||
- [ ] GitHub Environment secrets | ||
> https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-an-environment | ||
- [ ] Entire git history on all protected branches in the repository |
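Review bot: the last distractor, "Entire git history on all protected branches in the repository", is the only option without a supporting `>` line, while the two Actions-secrets distractors each cite the docs; add a one-line note under it pointing out that scanning is not limited to protected branches (the correct first option already says "all branches"), so the reader sees why the near-duplicate is wrong. Also, this file has two empty lines after the front matter where Question 007 has one.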
@@ -0,0 +1,13 @@ | ||
--- | ||
archetype: "questions" | ||
title: "Question 009" | ||
question: "What's the purpose of the Secret scanning partner program?" | ||
draft: false | ||
--- | ||
|
||
|
||
> https://docs.github.com/en/code-security/secret-scanning/secret-scanning-partner-program | ||
1. [x] Service Providers can partner with GitHub so that the format of their secrets can be recognized by GitHub secret scanning. | ||
1. [ ] GitHub Partner program allows enterprises and organizations with GitHub Advanced Security license to use GitHub secret scanning to scan their repositories. | ||
1. [ ] GitHub partners with external security companies to provide secret scanning for GitHub repositories. | ||
1. [ ] It's a program where registered security professionals can in good faith report to GitHub any secrets they find in GitHub repositories and get paid rewards for it. |
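Review bot: option 2 is missing its articles and reads awkwardly: "GitHub Partner program allows enterprises and organizations with GitHub Advanced Security license" should be "The GitHub Partner program allows enterprises and organizations with a GitHub Advanced Security license". Also "Service Providers" in the correct option is capitalized while "service provider" is lowercase in Question 012 of this same commit; pick one form.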
@@ -0,0 +1,11 @@ | ||
--- | ||
archetype: "questions" | ||
title: "Question 010" | ||
question: "Public repositories of personal users aswell as public repositories owned by organizations can use secret scanning for free." | ||
draft: false | ||
--- | ||
|
||
|
||
> https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning#about-secret-scanning | ||
1. [x] True | ||
1. [ ] False |
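Review bot: typo in the question text: "aswell" should be "as well". Since this is a True/False item whose answer rests entirely on the linked page, consider adding a short `>` note under the answer quoting the relevant sentence about free availability for public repositories, in the same way the other files in this commit annotate their options.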
@@ -0,0 +1,13 @@ | ||
--- | ||
archetype: "questions" | ||
title: "Question 011" | ||
question: "How can You prevent commits containing cloud provider credentials from being pushed to GitHub?" | ||
draft: false | ||
--- | ||
|
||
|
||
> https://docs.github.com/en/code-security/secret-scanning/push-protection-for-repositories-and-organizations | ||
1. [x] Enable a secret scanning push protection rule for Your repository or organization. | ||
1. [ ] Include a `.gitignore` file in Your repository that will ignore files containing secrets. | ||
1. [ ] Create a GitHub Action that will scan Your commits for secrets before they are pushed to GitHub. | ||
1. [ ] Enable a branch protection rule for Your repository. |
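Review bot: "You"/"Your" is capitalized mid-sentence in the question and in all four options; use lowercase throughout. On substance, option 3 is the strongest distractor and deserves an explanatory `>` line like the ones Question 012 gives its distractors: a GitHub Actions workflow only runs after a push has already reached GitHub, so it can detect but cannot prevent the credentials from being pushed, which is exactly what the push protection rule in option 1 does.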
@@ -0,0 +1,16 @@ | ||
--- | ||
archetype: "questions" | ||
title: "Question 012" | ||
question: "Which of these is true about the GitHub secret scanning partner program? (Choose three.)" | ||
draft: false | ||
--- | ||
|
||
|
||
> https://docs.github.com/en/code-security/secret-scanning/secret-scanning-partner-program | ||
- [x] It is a program where service providers can provide GitHub with the regex patterns of secrets that they issue so GitHub secret scanning can recognize them. | ||
- [x] When GitHub identifies a secret from a partnered service provider, it notifies the service provider about the leaked secret. | ||
- [x] The partner can take actions upon receiving notification from GitHub about a leaked secret, such as revoking the secret and informing the owner of the compromised secret. | ||
- [ ] It grants the partner access to the secret GitHub scanning API so that the service provider can scan GitHub repositories for secrets that match their format. | ||
> GitHub is always responsible for running the secret scanning, not the partner. | ||
- [ ] GitHub has the ability to automatically revoke leaked secrets and notify the service provider that they have been invalidated by GitHub. | ||
> GitHub does not participate in the revocation of leaked secrets; the service provider has the option to do so. |
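Review bot: option 4 has a word-order slip: "the secret GitHub scanning API" should read "the GitHub secret scanning API". The `>` note under option 5 could also be tightened so it does not read as contradicting the correct option 2 (GitHub does notify the partner): "GitHub does not revoke the secret itself; the service provider decides whether to revoke it" states the same point more precisely and matches option 3.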