GitHub Advanced Security for Programmers

Executive Summary

This 3-hour, instructor-led course—on-site or virtual—teaches developers and security teams to implement GitHub Advanced Security (GHAS). Learn hands-on to use Code Scanning, Secret Scanning, Dependency Review, Dependabot, and CodeQL, integrating them smoothly into your workflows to reduce risk with minimal friction. Ideal for developers, DevSecOps, and product security teams.

Course Details

GitHub Advanced Security allows you to have a “developer-first” approach to Application Security, recognizing that developers have a critical role to play in securing your applications. This training will enable developers in your organization to both understand and effectively use the features of Advanced Security.

Objectives

  • Understand the features available in GitHub Advanced Security
  • Hands-on experience enabling GitHub Advanced Security features
  • Reduce developer friction by increasing awareness of GitHub Advanced Security features

Duration

3 hours of live instruction including comprehensive labs, code samples, and environment setup guidance to ensure minimal disruption to daily workflows.

Course Outline

Introduction to GitHub Advanced Security (GHAS)

  • What is GHAS? Core features and philosophy
  • The value of “developer-first” security
  • Benefits of shifting security left in the development lifecycle

Configuring GHAS in Your Workflow

  • Activating GHAS features in repositories
  • Managing permissions and access controls
  • Integrating GHAS with CI/CD pipelines and GitHub Actions

Dependency Security and Automation

  • Understanding Dependency Graph and Dependency Review
  • Automating updates with Dependabot
  • Triage and remediation workflows
  • Managing third-party packages securely

Secret Scanning and Credential Protection

  • How secret scanning works
  • Identifying exposed secrets in code
  • Creating and managing custom secret patterns
  • Remediation strategies and alerts handling

Testing and Quality with Azure Test Plans

  • Manual testing and exploratory testing workflows
  • Creating test suites and test cases
  • Capturing feedback from UAT
  • Integrating testing into build/release pipelines
  • Tracking defects and test coverage

Artifact Management with Azure Artifacts

  • Publishing and sharing NuGet, npm, Maven, and Python packages
  • Integrating artifacts into build pipelines
  • Managing package versions and security
  • Using GitHub Packages as an alternative

Infrastructure and Configuration as Code

  • Creating Azure resources with ARM and Bicep
  • Using Azure CLI and PowerShell in pipelines
  • Managing infrastructure state with templates
  • Implementing Desired State Configuration (DSC)

Final Workflow and Best Practices

  • Full DevOps workflow from planning to release
  • Promoting DevOps culture across teams
  • Ensuring traceability across boards, repos, pipelines, and test plans
  • Using dashboards and analytics for continuous improvement

Prerequisite

  • Basic programming experience, preferably in C# with Visual Studio Code or Visual Studio 2022.
  • The focus of this class is using Azure DevOps Services, so all programming code is provided to the student.

Training Materials

All students receive comprehensive courseware covering all topics in the course. Courseware is distributed via GitHub in the form of documentation and extensive code samples. Students practice the topics covered through challenging hands-on lab exercises.

Students will need a free, personal GitHub account to access the courseware. Students will also need permission to install the selected language platform (Node.js, .NET SDK, or Python) and Visual Studio Code on their computers, as well as packages for the selected coding platform and Visual Studio Extensions.