
Training: GitHub Advanced Security (GH-500)

Ref. GH-500
Duration: 1 day
Exam: Not certifying
Level: Intermediate

GitHub Advanced Security (GH-500)

Security in software development has never been as crucial as it is today. That is why understanding and mastering GitHub is becoming essential for any ambitious development team. The “GitHub Advanced Security (GH-500)” training is designed to give you all the skills needed to integrate security from the earliest stages of your projects. With the powerful features of GitHub Advanced Security, you will know how to protect your code, your supply chain and your secrets before they even reach production.

This course offers a concrete, progressive approach suited to developers, project managers and security managers. Through practical, accessible modules, you will learn to configure code analyses, use CodeQL to detect vulnerabilities, and deploy robust security strategies within your organization.

Why choose the GitHub Advanced Security training?

With an in-depth understanding of the GitHub ecosystem, you will become a key player in securing your projects. You will discover how to secure your repositories, analyze your dependencies and prevent leaks of sensitive information. This training prepares you to anticipate risks and respond effectively to threats.


Participant Profiles

  • Software developers
  • Software architects
  • DevOps engineers
  • Information security managers
  • Technical project managers

Objectives

  • Understand the core features of GitHub Advanced Security
  • Configure security updates with Dependabot
  • Set up and use secret scanning on GitHub
  • Implement code scanning with CodeQL
  • Identify and fix security vulnerabilities in code
  • Administer and manage access to GitHub Advanced Security
  • Define and enforce security policies within repositories

Prerequisites

  • Have an active GitHub account
  • Understand the basics of using GitHub
  • Understand the fundamental principles of software development

Course Content

Module 1: Introduction to GitHub Advanced Security

  • Define GHAS and the importance of its core features
  • Use GHAS to maximize its impact
  • Understand GHAS and its role in the security ecosystem

Module 2: Configure Dependabot security updates on your GitHub repository

  • Manage your dependencies on GitHub
  • Dependabot alerts
  • Dependabot security updates
  • Manage Dependabot notifications and reports
  • Dependency review

Module 3: Configure and use secret scanning in your GitHub repository

  • Understand secret scanning
  • Configure secret scanning
  • Use secret scanning

Module 4: Configure code scanning on GitHub

  • Understand code scanning
  • Enable code scanning with third-party tools
  • Configure code scanning

Module 5: Identify security vulnerabilities in your codebase using CodeQL

  • Prepare a database for CodeQL
  • Run CodeQL in a database
  • Understand CodeQL results
  • Fix issues identified by CodeQL

Module 6: Code analysis with GitHub CodeQL

  • Understand what CodeQL is
  • Understand how CodeQL analyzes code
  • Understand what QL is
  • Connect code scanning and CodeQL
  • Customize your code analysis workflow with CodeQL: Part 1
  • Reference a CodeQL query
  • Customize your code analysis workflow with CodeQL: Part 2
  • Use the CodeQL CLI interface
  • Customize languages and builds for code scanning
  • Configure a CodeQL language matrix

Module 7: GitHub administration for GitHub Advanced Security

  • Understand GitHub Advanced Security
  • Enable GitHub Advanced Security
  • Manage access to GitHub Advanced Security
  • Manage alerts and features of GitHub Advanced Security

Module 8: Manage sensitive data and security policies in GitHub

  • Define security policies
  • Create and manage repository rule sets
  • Generate reports and audit logs

Module 9: Identify security vulnerabilities in your codebase using CodeQL

  • Prepare a database for CodeQL
  • Run CodeQL in a database
  • Understand CodeQL results
  • Fix issues identified by CodeQL

Module 10: Code scanning with GitHub CodeQL

  • Understand what CodeQL is
  • Analyze how CodeQL processes code
  • Understand the QL language
  • Connect code analysis and CodeQL
  • Customize a code scanning workflow with CodeQL: Part 1
  • Reference a CodeQL query
  • Customize a code scanning workflow with CodeQL: Part 2
  • Use the CodeQL CLI interface
  • Customize languages and builds for code scanning
  • Configure a CodeQL language matrix

Module 11: GitHub administration for GitHub Advanced Security

  • Understand where GitHub Advanced Security fits into your development lifecycle
  • Enable GitHub Advanced Security
  • Manage access and usage of GitHub Advanced Security
  • Manage alerts and associated features

Module 12: Manage sensitive data and security policies within GitHub

  • Understand GitHub’s basic security tools
  • Create and apply security policies to repositories
  • Manage repository rule sets
  • Generate reports and audit security actions

Documentation

  • Access to Microsoft Learn, Microsoft’s online learning platform, offering interactive resources and educational content to deepen your knowledge and develop your technical skills.

Lab / Exercises

  • This course provides you with exclusive access to the official Microsoft lab, enabling you to practice your skills in a professional environment.

Eligible Funding

ITTA is a partner of a continuing education fund dedicated to temporary workers. This fund can subsidize your training, provided that you are subject to the “Service Provision” collective labor agreement (CCT) and meet certain conditions, including having worked at least 88 hours in the past 12 months.

Additional Information

Master GitHub to strengthen software security

Security in software development is a crucial issue. GitHub, as a leading platform, offers advanced tools to help teams protect their code from the very start. Through this training, you will learn how to integrate security directly into your workflows using GitHub Advanced Security. You will discover how to detect vulnerabilities before production and how to address them effectively.

Detect vulnerabilities before they become risks

A secure codebase is one that is systematically reviewed. Thanks to automatic code scanning and the use of CodeQL, you will be able to quickly identify critical vulnerabilities in your projects. This preventive approach helps avoid the costs and impacts associated with late-discovered flaws. You will also learn how to customize your analyses to better target the specific risks of your applications.

Manage dependencies and prevent supply chain vulnerabilities

Many recent security incidents stem from compromised dependencies. Through this training, you will discover how GitHub Dependabot can monitor and automatically fix vulnerabilities found in your third-party libraries. You will learn to implement continuous dependency monitoring and receive precise alerts to keep your projects updated and secure.

Protect sensitive data with secret scanning

The accidental leak of API keys, passwords, or other secrets can compromise a project in seconds. Secret scanning helps you immediately identify any sensitive information present in your code. You will learn how to configure this powerful tool to ensure your repositories comply with best practices in confidentiality and security.

Deploy a consistent security strategy across the organization

Securing a project does not stop at code quality. It requires the implementation of clear security policies and their systematic application across all repositories. This training will show you how to create repository rule sets on GitHub, generate audit reports, and ensure your projects meet industry standards.

Ensure effective administration of GitHub Advanced Security

Fully leveraging GitHub Advanced Security features requires good administration. You will learn how to enable security features, manage user access, and configure notifications. This will allow you to control your entire GitHub environment while promoting better collaboration between developers and security teams.

FAQ

Is this training suitable for GitHub beginners?
This course is intended for users who have basic knowledge of GitHub and wish to advance their skills in securing projects.

Do I need to install specific tools to take the course?
No, everything is done directly within GitHub using built-in tools like CodeQL, Dependabot, and secret scanning. You will also learn to use the CodeQL CLI if needed.

Is the training practical or theoretical?
It combines essential theoretical insights with practical exercises to solidify your skills. The goal is for you to immediately apply what you learn to your own GitHub projects.

What benefits will I gain from this training?
You will learn to anticipate security risks, effectively secure your GitHub repositories, and adopt best practices to protect your projects in the long term.

Registration price
CHF 850.-
Included in this course
  • Training provided by a certified trainer
  • 180 days of access to Official Microsoft Labs
  • Official documentation in digital format
  • Official Microsoft achievement badge

  • Fri 23 May, 09:00 to 17:00: Virtual (session tag: GH-500)
  • Fri 23 May, 09:00 to 17:00: Lausanne, Avenue Mon repos 24, 1005 Lausanne (session tag: GH-500)
  • Fri 27 June, 09:00 to 17:00: Virtual (session tag: GH-500)
  • Fri 27 June, 09:00 to 17:00: Genève, Route des Jeunes 35, 1227 Carouge (session tag: GH-500)
  • Fri 01 Aug, 09:00 to 17:00: Virtual (session tag: GH-500)
  • Fri 01 Aug, 09:00 to 17:00: Lausanne, Avenue Mon repos 24, 1005 Lausanne (session tag: GH-500)
  • Fri 05 Sep, 09:00 to 17:00: Virtual (session tag: GH-500)
  • Fri 05 Sep, 09:00 to 17:00: Genève, Route des Jeunes 35, 1227 Carouge (session tag: GH-500)
  • Fri 10 Oct, 09:00 to 17:00: Virtual (session tag: GH-500)
  • Fri 10 Oct, 09:00 to 17:00: Lausanne, Avenue Mon repos 24, 1005 Lausanne (session tag: GH-500)
  • Fri 14 Nov, 09:00 to 17:00: Virtual (session tag: GH-500)
  • Fri 14 Nov, 09:00 to 17:00: Genève, Route des Jeunes 35, 1227 Carouge (session tag: GH-500)
  • Fri 19 Dec, 09:00 to 17:00: Virtual (session tag: GH-500)
  • Fri 19 Dec, 09:00 to 17:00: Lausanne, Avenue Mon repos 24, 1005 Lausanne (session tag: GH-500)
  • Fri 23 Jan, 09:00 to 17:00: Virtual (session tag: GH-500)
  • Fri 23 Jan, 09:00 to 17:00: Genève, Route des Jeunes 35, 1227 Carouge (session tag: GH-500)

Contact

ITTA
Route des jeunes 35
1227 Carouge, Switzerland

Opening hours

Monday to Friday
8:30 AM to 6:00 PM
Tel. 058 307 73 00
