🌐 Available in: English 🇬🇧 | Español 🇪🇸
- Domain 1: Security Features and Capabilities of GHAS (15%)
- 1.1 Compare GHAS features and its role in the security ecosystem
- 1.2 Differentiate features for Open Source vs GHEC/GHES projects
- 1.3 Features and benefits of the Security Overview
- 1.4 Differences between Secret Scanning and Code Scanning
- 1.5 Secure development lifecycle with GHAS
- 1.6 Explain and utilize specific GHAS features
- Domain 2: Configure and Use Secret Scanning (15%)
- Domain 3: Configure and Use Dependabot and Dependency Review (35%)
- 3.1 Tools for managing vulnerabilities in dependencies
- 3.2 Default configuration for Dependabot alerts
- 3.3 Permissions and roles for Dependabot
- 3.4 Enable Dependabot for private repositories
- 3.5 Enable Dependabot for organizations
- 3.6 Create Dependabot configuration file (dependabot.yml)
- 3.7 Custom Auto-triage Rules for Dependabot
- 3.8 Dependency Review Workflow
- 3.9 Identify and correct vulnerable dependencies
- Domain 4: Configure and Use Code Analysis with CodeQL (25%)
- Domain 5: GHAS Best Practices, Results, and Remediation Measures (10%)
- 5.1 Use CVE and CWE to describe alerts
- 5.2 Decision-making process for closing/dismissing alerts
- 5.3 CodeQL query suites
- 5.4 How CodeQL analyzes code
- 5.5 Roles and responsibilities
- 5.6 Severity thresholds for PR checks
- 5.7 Filters and classification for prioritization
- 5.8 CodeQL and Dependency Review with rulesets
- 5.9 Configure early scanning
- Additional Links and Resources