github-samples/securing-your-codePublic template

NotificationsYou must be signed in to change notification settings
Fork3
Star4

Securing your Code with GitHub workshop

License

View license

4 stars 3 forks Branches Tags Activity

Star

Notifications

You must be signed in to change notification settings

Branches Tags

Folders and files

Name		Name	Last commit message	Last commit date
Latest commit History 77 Commits
.devcontainer		.devcontainer
.github		.github
_labs		_labs
config		config
data		data
encryptionkeys		encryptionkeys
frontend		frontend
ftp		ftp
i18n		i18n
lib		lib
models		models
monitoring		monitoring
routes		routes
rsn		rsn
screenshots		screenshots
test		test
uploads/complaints		uploads/complaints
vagrant		vagrant
views		views
.dockerignore		.dockerignore
.eslintrc.js		.eslintrc.js
.gitignore		.gitignore
.npmrc		.npmrc
CODE_OF_CONDUCT.md		CODE_OF_CONDUCT.md
CONTRIBUTING.md		CONTRIBUTING.md
Dockerfile		Dockerfile
Gruntfile.js		Gruntfile.js
LICENSE		LICENSE
README.md		README.md
SUPPORT.md		SUPPORT.md
app.json		app.json
app.ts		app.ts
cypress.config.ts		cypress.config.ts
docker-compose.test.yml		docker-compose.test.yml
package.json		package.json
secrets.txt		secrets.txt
server.ts		server.ts
swagger.yml		swagger.yml
threat-model.json		threat-model.json
tsconfig.json		tsconfig.json

Repository files navigation

Securing your code with GitHub

@joshjohanning @mickeygousset @writingpanda @felickz @tspascoal

Workshop Labs Resources

Who is this for: Enterprise - Engineering Leadership, Enterprise - Developers, Open Source Developers or Maintainers, Security Professionals, Startups, Security Leadership, Educators
What you'll learn: Here at GitHub, we like to say that "found means fixed." That's because when issues are found they can more easily be fixed. In this workshop you'll dive into a repository filled with security alerts and begin to remediate them using GitHub Advanced Security (GHAS) and Dependabot, effectively maintaining code integrity. You'll also encounter and resolve a few security issues using Copilot Autofix. The end goal? To learn and develop strategies to motivate your developers to turn reactive fixes into proactive security habits.

Seerequirements to see what is needed to run this lab.

Workshop Labs

Lab 1 - GitHub Advanced Security Feature Introduction

This lab will introduce you to GitHub Advanced Security (GHAS) and its features.

Get started here -Lab 1

Lab 2 - Reviewing and Managing Security Alerts

This lab will show you how to review and managed the alerts created in Lab 1.

Get started here -Lab 2

Lab 3 - Hands-on with Code Scanning

This lab will have you add some bad code, utilize repository rulesets to block the code, and Copilot Autofix to fix the code.

Get started here -Lab 3

Lab 4 - Hands-on with Dependency Review

This lab will have you utilize the Dependency Review action to stop a bad vulnerability in a pull request.

Get started here -Lab 4

Lab 5 - Hands-on with Secret Scanning

This lab will have you utilize Secret Scanning with Push Protection to prevent secrets from entering the codebase.

Get started here -Lab 5

Lab 6 - Hands-on with Security Overview

This lab will teach you how to effectively use the Security Overview to review and alerts and coverage in an organization.

Get started here -Lab 6

Extra Credit: Advanced CodeQL Setup

This open-ended extra credit lab will have you switch to the advanced CodeQL setup.

Get started here -Extra Credit Lab 1

Extra Credit: Custom Patterns for Secret Scanning

This open-ended extra credit lab will have you create a custom secret scanning pattern.

Get started here -Extra Credit Lab 2

📖 Resources

License