This bootcamp is designed to help familiarize you with GitHub Advanced Security (GHAS) so that you can better understand how to use it in your own repositories.
git clone https://github.com/ghas-bootcamp/ghas-bootcamp.git
cd ghas-bootcamp
git remote set-url origin [email protected]:{org-or-username}/{repo-name}.git
Agenda- What is GitHub Advanced Security?
- GitHub Advanced Security Licensing?
- GHAS Enablement
- How does it work?
Instructions for the hands-on exercises: Developer Exercises - Day 1
- How does it work? (Contd.)
- Access, Notifications and alerts
- Integrations - GHAS API and Webhooks
- Troubleshooting GHAS
Instructions for the hands-on exercises: Developer Exercises - Day 2
- About code scanning
- About Dependabot Alerts
- About secret scanning
- Events that trigger workflows
- Configuring the CodeQL workflow for compiled languages
- Configuring code scanning
- Configuring notifications for Dependabot alerts
- Customizing dependency updates
- Configuration options for the dependabot.yml file
- Filter pattern cheat sheet
- Running additional queries
- Troubleshooting the CodeQL workflow
- Code scanning API
- Secret scanning API
- GraphQL API
- REST API