Enabling Secure Software Development in GitHub
Security is an often overlooked aspect of software development. This course will teach you how to use GitHub’s spectrum of security features to protect your repositories.
What you'll learn
Don’t take code security for granted with GitHub repositories. In this course, Enabling Secure Software Development in GitHub, you’ll learn to secure your source code and mitigate vulnerabilities. First, you’ll explore using Dependabot to discover and fix vulnerable dependencies. Next, you’ll discover scanning for secrets and CodeQL for vulnerabilities, and controlling how users and systems access data via GitHub’s API. Finally, you’ll learn how to configure code security within an organization and across the enterprise. When you’re finished with this course, you’ll have the skills and knowledge of GitHub’s security features needed to protect your source code from development to production.
Table of contents
- Demo: What Is a Dependency Vulnerability? 3m
- Demo: Using GitHub's Dependency Graph 2m
- Demo: Dependabot Alerts and the GitHub Advisory Database 3m
- Demo: Dependabot Pull Requests for Security Updates 2m
- Demo: @dependabot merge Closes Relevant Security Alert(s) 2m
- Demo: Dismissing the dotnet Security Alert 2m
- Demo: Auto-triage Rules to Dismiss and/or Trigger Security Updates 4m
- Demo: Push Protection Can Block Commits with Secrets 3m
- Demo: Public vs. Private Repos and GitHub Advanced Security 3m
- Demo: Code Security Settings for Repositories and Users 3m
- Demo: Disabling User Push Protection to Push a Fake Secret 1m
- Demo: Secret Scanning Can Find Leaked Tokens 3m
- Demo: gitleaks for Secret Scanning 2m
- Demo: Bypassing Repository Level Push Protection 2m
- Demo: Every Secret Is Forever Stored in Commit History 3m
- Demo: Rewriting Commit History with git-filter-repo to Scrub Secrets 4m
- Demo: Unreachable Commits and GitHub Support 4m
- Demo: Code Scanning with CodeQL 3m
- Demo: Use SSH Keys to Clone a Repository 2m
- Demo: Deploy Keys and Machine Accounts 2m
- Demo: GitHub Personal Accounts vs. Enterprise Managed Users 2m
- Demo: Use a PAT to Clone a Repo over the HTTPS API 4m
- Demo: Use a PAT with the GitHub CLI to List Repos 1m
- Demo: Classic PAT vs. Fine-grained, Repo-scoped PAT 2m
- Demo: GH CLI Device Flow to Generate an OAuth Token 4m
- Demo: Installation Access Tokens in GitHub Apps 4m
- Demo: Create a GitHub App 2m
- Demo: Install into an Organization Account vs. Personal Account 2m
- Demo: Generate an Installation Access Token 4m
- Demo: Use the Installation Access Token 3m
- Demo: User Access Tokens with GH Apps 3m
- Demo: Refresh Tokens 5m
- Demo: Use Security Logs to Find out Who Deleted a Repo 3m
- Demo: Create a Trial Enterprise Account to Follow Along 3m
- Demo: Enable the GitHub Advanced Security Add-on 2m
- Demo: Enterprise and Organization Policies for Deploy Keys 3m
- Demo: Personal Access Token Policies 4m
- Demo: Organization Members Can Request an App Install 3m
- Demo: Create an Enterprise Managed Code Security Configuration 3m
- Demo: Apply a Security Configuration 2m
- Demo: View Security Alerts and Adoption Across the Enterprise 3m
- Demo: Download Compliance Reports and Access Audit Logs 2m
- Demo: The Enterprise Audit Log API 3m
- Demo: Organization Audit Logs API and Filtering Events 1m
- Demo: Check API Rate Limits 3m