AB-100: Architecting agentic AI business solutions Training
Lessons : 0
Topics : 0
Quiz : 0
Who is this AB-100: Architecting agentic AI business solutions Course for? For Professionals Architecting agentic AI bus ....
GH-500 GitHub Advanced Security
GH-500 GitHub Advanced Security course covers GitHub Advanced Security (GHAS) that plays a crucial role in enhancing the security posture of software development projects on GitHub. It provides a comprehensive set of tools and features designed to identify and address security vulnerabilities throughout the development lifecycle. By integrating security directly into the development process with GHAS, your team can build more secure and reliable software. The course will explore how to utilize GHAS to maximize security impact and understand GHAS and its role in the security ecosystem.
This course GH-500 GitHub Advanced Security is intended for students who want to understand and implement advanced security practices with the help of GitHub Advanced Security (GHAS). They will learn how to significantly enhance software development processes and create a more resilient and secure development ecosystem using developer-first solutions to unlock the ability to keep code, supply chain, and secrets secure before you push to production. They will learn how GHAS gives security teams visibility into the cross-organizational security posture and supply chain and unparalleled access to curated security intelligence from millions of developers and security researchers around the world.
Microsoft Courseware
Instructor-Led Training
Course Duration: 1-Day (8-Hours)
Microsoft Official Lab Exercises
Delivered by MCT
Cloud Lab Access
Overview
The GH-500 GitHub Advanced Security course provides a comprehensive understanding of how to secure software development workflows using GitHub Advanced Security (GHAS). Designed for DevOps engineers, administrators, and developers, this course focuses on integrating security directly into the development lifecycle to proactively identify and remediate vulnerabilities.
Participants will explore key GHAS features such as code scanning, secret scanning, and dependency management. The course teaches how to configure and use these tools to detect exposed secrets, manage vulnerable dependencies with Dependabot, and implement code scanning using CodeQL and GitHub Actions. Learners will also understand how to interpret security alerts, customize scanning behavior, and manage access to security insights across teams.
The training emphasizes a developer-first approach to security, enabling teams to secure code, secrets, and the software supply chain before deployment. It also covers advanced topics like push protection, custom scanning patterns, and the Security Overview dashboard for organizational visibility.By the end of the course, learners will be equipped to implement GHAS effectively, enhance their organization’s security posture, and leverage GitHub’s curated security intelligence to build secure, resilient applications.
Modules
Module 1: Introduction to GitHub Advanced Security
- Define GHAS and the importance of the integral features such as Secret scanning, Code scanning, and Dependabot
- Explore how to utilize GHAS to maximize security impact
- Understand GHAS and its role in the security ecosystem
Module 2: Configure Dependabot security updates on your GitHub repo
- Describe the dependency graph and how to export a Software Bill of Materials (SBOM).
- Identify the permissions and roles required to view and enable Dependabot alerts.
- Enable and configure Dependabot alerts and security updates.
- Create and configure the dependency review workflow.
- Identify, review, and address vulnerable dependencies.
- Describe the available tools for managing vulnerable dependencies on GitHub.
Module 3: Configure and use secret scanning in your GitHub repository
- To prevent secret leaks by enabling push protection.
- To enable secret scanning on your repository.
- To configure secret scanning according to your use case.
- To use secret scanning efficiently.
Module 4: Configure code scanning on GitHub
- Describe code scanning.
- List the steps for enabling code scanning in a repository.
- Implement CodeQL analysis in a GitHub Actions workflow and (CI) tools.
- Explain how to configure code scanning on a repository using triggering events.
- Contrast the frequency of code scanning workflows (scheduled vs triggered by events).
Module 5: Identify security vulnerabilities in your codebase by using CodeQL
- Install the CodeQL command-line interface (CLI) from the page for GitHub CodeQL releases.
- Create a database by using CodeQL to extract a single relational representation of each source file in the codebase.
- Run CodeQL in a database to find problems in your source code and find potential security vulnerabilities.
- Analyze CodeQL scan results by using GitHub-created queries or your own custom queries.
Module 6: Code scanning with GitHub CodeQL
- Understand CodeQL and how it analyzes code.
- Understand QL, a unique logic programming language.
- Set up CodeQL based code scanning in a GitHub repository.
- Reference a custom CodeQL query.
- Configure the language matrix in a CodeQL workflow.
- Learn how to use the CodeQL CLI to generate code scanning results and upload them to GitHub.
- Implement custom build steps.
Module 7: GitHub administration for GitHub Advanced Security
- Learn about the different GitHub Advanced Security features and their availability.
- How to enable GitHub Advanced Security according to your enterprise plan.
- How to manage access to the different GitHub Advanced Security features.
- How GitHub Advanced Security lets you manage security alerts.
Module 8: Manage sensitive data and security policies within GitHub
- Create documentation that details security guidelines and useful information for collaborators.
- Set permissions and other rules.
- Manage repository rulesets.
- Automate processes that prevent security risks.
- Respond to sensitive data exposure.
- Export audit log records and git events.
Fees And Schedule
Instructor-Led Training
8-Hours of Instructor-Led Training One to one doubt resolution sessions Microsoft Official Lab AccessLearning Objectives
The GH-500 GitHub Advanced Security course equips learners with the skills to integrate security seamlessly into the software development lifecycle using GitHub Advanced Security (GHAS). Participants will explore how GHAS enhances code security through features like code scanning, secret scanning, and dependency management. The course emphasizes proactive threat detection and remediation, enabling developers and security teams to identify vulnerabilities before code reaches production. Â
Learners will gain hands-on experience configuring and using secret scanning to detect exposed credentials, and Dependabot to manage vulnerable dependencies. They will also understand how to interpret and act on security alerts, customize scanning behavior, and manage access to security insights across teams. The course highlights the importance of Security Overview, push protection, and custom patterns to tailor security to organizational needs.
By the end of the course, learners will be able to implement a developer-first security approach, leverage GitHub’s curated security intelligence, and maintain a secure software supply chain. This training is ideal for DevOps engineers, administrators, and developers aiming to build secure, resilient applications using GitHub Enterprise.
