Course Price: Original price was: $500.00.$400.00Current price is: $400.00.
Course Price
Original price was: $500.00.$400.00Current price is: $400.00.
20% OFF. Expires in
GitHub Advanced Security Training (GH-500)
The GitHub Advanced Security Training (GH-500) course is designed for developers, DevOps engineers, and security professionals who want to embed security directly into the software development lifecycle. The GH-500: GitHub Advanced Security course focuses on identifying, prioritizing, and remediating security vulnerabilities in code before they reach production, enabling organizations to adopt a true DevSecOps approach. This GitHub Advanced Security Training (GH-500) is ideal for organizations looking to shift security left and empower development teams to take ownership of code security without slowing innovation. By leveraging native GitHub security features, teams can simplify governance, reduce exposure to open‑source risks, and improve overall software quality.
Aligned with the GH-500 certification, the course emphasizes real-world security scenarios and best practices. Participants learn how to interpret security alerts, configure scanning policies, and integrate security checks into CI/CD pipelines using GitHub Actions. The GitHub Advanced Security Training (GH-500) also explores how to manage security at scale across repositories and organizations, helping teams move from reactive fixes to proactive risk management.
By the end of this course, learners will be able to:
- Understand and implement GitHub Advanced Security features for secure software development
- Configure and use code scanning, secret scanning, and dependency security alerts
- Identify, prioritize, and remediate security vulnerabilities effectively
- Integrate security checks into CI/CD pipelines using GitHub Actions
- Prepare confidently for the GH-500: GitHub Advanced Security certification exam
Who should attend the GH-500: GitHub Advanced Security course ?
For Professionals
This course is designed for professionals responsible for securing software development workflows using GitHub Advanced Security (GHAS), with a focus on code security, secret protection, and supply‑chain risk management across enterprise GitHub environments. Target job roles: DevSecOps Engineer, Security Engineer / Security Analyst, Senior Software Developer / Tech Lead, DevOps / Platform Engineer, GitHub Enterprise Administrator
For Businesses
Organizations should nominate roles that own application security, software supply-chain risk, and DevSecOps governance, as GH-500 enables security-by-design within GitHub repositories before code reaches production. Recommended roles to nominate: DevSecOps & Application Security Engineers , Security Operations / Product Security Teams, Senior Developers & Engineering Leads, Platform Engineering Teams, GitHub Enterprise / Tool Administrators
Prerequisites for the "GH-500: GitHub Advanced Security" Course
The audience for this 1-day course consists of security professionals and developers who are responsible for implementing and managing GitHub security measures within their organizations. Candidates should have the following:
- Experience in using and administering GitHub repositories.
- Experience of working with Microsoft Azure services.
- Technical skills in code scanning, dependency management, and secret scanning, and are familiar with tools like CodeQL and Dependabot.
Key Features of Flexmind's GH-500: GitHub Advanced Security Training
This training is delivered by Flexmind through flexible online and offline formats and is designed to align with the most current certification exam requirements. The key features of this training are as follows:
Course Duration
The course has a total duration of 8 hours and is completed over 1 day.
Instructor-Led Training
Delivered by a senior Microsoft Certified Trainer with real-world, enterprise-scale experience in the Enteprise DevOps implementations using GitHub Actions.
Microsoft Official curriculum
Delivered by Flexmind using official Microsoft curriculum, this program blends study material, hands-on labs, and applied workshops with instructor-led guidance throughout.
Cloud Lab Access
The course will be covered using cloud lab access.
Course Completion Certificate
Course completion includes certification, formally validating the skills gained and reinforcing professional credibility.
Course Outline - GitHub Advanced Security Training (GH-500)
Module 1: Introduction to GitHub Advanced Security
- Define GHAS and the importance of the integral features such as Secret scanning, Code scanning, and Dependabot
- Explore how to utilize GHAS to maximize security impact
- Understand GHAS and its role in the security ecosystem
Module 2: Configure Dependabot security updates on your GitHub repo
- Describe the dependency graph and how to export a Software Bill of Materials (SBOM).
- Identify the permissions and roles required to view and enable Dependabot alerts.
- Enable and configure Dependabot alerts and security updates.
- Create and configure the dependency review workflow.
- Identify, review, and address vulnerable dependencies.
- Describe the available tools for managing vulnerable dependencies on GitHub.
Module 3: Configure and use secret scanning in your GitHub repository
- To prevent secret leaks by enabling push protection.
- To enable secret scanning on your repository.
- To configure secret scanning according to your use case.
- To use secret scanning efficiently.
Module 4: Configure code scanning on GitHub
- Describe code scanning.
- List the steps for enabling code scanning in a repository.
- Implement CodeQL analysis in a GitHub Actions workflow and (CI) tools.
- Explain how to configure code scanning on a repository using triggering events.
- Contrast the frequency of code scanning workflows (scheduled vs triggered by events).
Module 5: Identify security vulnerabilities in your codebase by using CodeQL
- Install the CodeQL command-line interface (CLI) from the page for GitHub CodeQL releases.
- Create a database by using CodeQL to extract a single relational representation of each source file in the codebase.
- Run CodeQL in a database to find problems in your source code and find potential security vulnerabilities.
- Analyze CodeQL scan results by using GitHub-created queries or your own custom queries.
Module 6: Code scanning with GitHub CodeQL
- Understand CodeQL and how it analyzes code.
- Understand QL, a unique logic programming language.
- Set up CodeQL based code scanning in a GitHub repository.
- Reference a custom CodeQL query.
- Configure the language matrix in a CodeQL workflow.
- Learn how to use the CodeQL CLI to generate code scanning results and upload them to GitHub.
- Implement custom build steps.
Module 7: GitHub administration for GitHub Advanced Security
- Learn about the different GitHub Advanced Security features and their availability.
- How to enable GitHub Advanced Security according to your enterprise plan.
- How to manage access to the different GitHub Advanced Security features.
- How GitHub Advanced Security lets you manage security alerts.
Module 8: Manage sensitive data and security policies within GitHub
- Create documentation that details security guidelines and useful information for collaborators.
- Set permissions and other rules.
- Manage repository rulesets.
- Automate processes that prevent security risks.
- Respond to sensitive data exposure.
- Export audit log records and git events.
Class Schedule
Instructor‑Led Training
- 8-Hours of Instructor‑Led Training
- One‑to‑one doubt‑resolution sessions
- Microsoft Official Lab Access
Learning Objectives - GitHub Advanced Security Training (GH-500)
After completing the GH-500: GitHub Advanced Security course, learners will be able to:
- Define GitHub Advanced Security (GHAS): Understand the importance of integral features such as Secret scanning, Code scanning, and Dependabot.
- Utilize GHAS: Learn how to maximize security impact using GHAS features.
- Understand GHAS in the Security Ecosystem: Recognize GHAS's role and its integration into the security workflow.
- Configure Dependabot: Learn to enable and configure Dependabot alerts and security updates.
- Implement Secret Scanning: Understand how to enable and use secret scanning to prevent secret leaks.
- Configure Code Scanning: Learn to implement and configure code scanning using CodeQL and other tools
About GH-500 Certification Exam
To help you understand the assessment better, here are a few important details about the exam.
| Exam Name | GH-500: GitHub Advanced Security |
|---|---|
| Who should Apply | DevOps Engineer, Administrator |
| Duration of Exam | 100 Minutes |
| Fees | Rs. 4,865 (India), $165 USD (United States) |
| Level of Difficulty | Intermediate |
| Type of Credential | Microsoft Certification |
| Languages | English, Japanese, Chinese (Simplified), German, French, Spanish, Portuguese (Brazil), Arabic (Saudi Arabia) |
| Exam Retake | Exam retake allowed after 24 hours |
| Quality Check during Assessment | The online exam is proctored |
The table below represents the weightage of each study area in the exam. Areas with higher percentages are expected to have more questions.
| Study Area | Percentage |
|---|---|
| Describe the GHAS security features and functionality | 15% |
| Configure and use secret scanning | 15% |
| Configure and use Dependabot and Dependency Review | 35% |
| Configure and use Code Scanning with CodeQL | 25% |
| Describe GitHub Advanced Security best practices, results, and how to take corrective measures | 10% |
