
This project forked from ghas-bootcamp/ghas-bootcamp


This bootcamp is designed to familiarize you with GitHub Advanced Security (GHAS) so that you can better understand how to use it in your own repositories.

License: MIT License


GitHub Advanced Security Bootcamp

Prerequisites • Resources

This bootcamp is designed to help familiarize you with GitHub Advanced Security (GHAS) so that you can better understand how to use it in your own repositories.

📣 Prerequisites

To participate in the workshop you need a GitHub account and an invitation to the workshop organization, ghas-bootcamp. If a repository hasn't been created for you automatically in the workshop organization, either click Use this template and create a repository under that organization, or create a new repository and push a copy of the ghas-bootcamp repository to an organization with GHAS enabled.

# Clone the upstream bootcamp repository
git clone https://github.com/ghas-bootcamp/ghas-bootcamp.git
cd ghas-bootcamp
# Point origin at your own repository (replace {org-or-username} and {repo-name}) before pushing
git remote set-url origin git@github.com:{org-or-username}/{repo-name}.git

๐Ÿซ Agenda

We will go over the following topics:

Day one

Day one learning

  • Comprehensive overview of GHAS
  • Securing your supply chain with dependency management
  • Secret scanning
  • Rolling out GHAS in your organization
  • Q&A

Day one: Dependabot and Secret scanning exercises

Dependabot: link
  • Enabling Dependabot alerts
  • Reviewing the dependency graph
  • Viewing and managing results
  • Enabling Dependabot security updates
  • Configuring Dependabot security updates
  • Working with Dependency Review

Secret scanning: link
  • Enabling secret scanning
  • Viewing and managing results
  • Excluding files from secret scanning
  • Custom patterns for secret scanning
  • Managing access to alerts

Day two

Day two learning

  • Explore how code scanning works
  • What is Security Overview?
  • CodeQL Demo
  • Final Q&A

Day Two: Code scanning + CodeQL demo

Code scanning: link
  • Enabling code scanning
  • Reviewing any failed analysis jobs
  • Using context and expressions to modify build
  • Reviewing and managing results
  • Triaging a result in a PR
  • Customizing CodeQL configuration
  • Adding your own code scanning suite to exclude rules
  • Understanding how to add a custom query
  • CodeQL demo

📚 Resources

Contributors

jenniferkerns, rajbos, therealkujo, moose0621, felickz, callmegreg, leftrightleft, knewbury01, kllund, tinywizard
