GitHub - github-samples/securing-your-code at c6ced86764d7608124a587cf78cdebd9665fb641

Securing your code with GitHub

Workshop Labs | Resources

  • Who is this for: Enterprise - Engineering Leadership, Enterprise - Developers, Open Source Developers or Maintainers, Security Professionals, Startups, Security Leadership, Educators
  • What you'll learn: Here at GitHub, we like to say that "found means fixed." That's because when issues are found they can more easily be fixed. In this workshop you'll dive into a repository filled with security alerts and begin to remediate them using GitHub Advanced Security (GHAS) and Dependabot, effectively maintaining code integrity. You'll also encounter and resolve a few security issues using Copilot Autofix. The end goal? To learn and develop strategies to motivate your developers to turn reactive fixes into proactive security habits.

Workshop Labs

Lab 1 - GitHub Advanced Security Feature Introduction

This lab will introduce you to GitHub Advanced Security (GHAS) and its features.

  • Get started here - Lab 1

Lab 2 - Reviewing and Managing Security Alerts

This lab will show you how to review and manage the alerts created in Lab 1.

  • Get started here - Lab 2

Lab 3 - Hands-on with Code Scanning

This lab will have you add some insecure code, use repository rulesets to block that code from being merged, and use Copilot Autofix to fix it.

  • Get started here - Lab 3

Lab 4 - Hands-on with Dependency Review

This lab will have you use the Dependency Review action to block a pull request that introduces a vulnerable dependency.

  • Get started here - Lab 4
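
The workflow below is an added example of what the Dependency Review action looks like when wired into a pull request; it is not the workshop's own lab file. The severity threshold, the denied licenses and the PR-comment setting are assumptions chosen for illustration, and the action only works when the dependency graph is enabled for the repository.

```yaml
# .github/workflows/dependency-review.yml (added example, not from the workshop repo)
name: Dependency Review

# The action diffs the dependency graph between the base and head of a PR,
# so it only makes sense on pull_request events.
on: [pull_request]

permissions:
  contents: read
  pull-requests: write   # required for comment-summary-in-pr

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/dependency-review-action@v4
        with:
          # Fail the check for any newly introduced dependency with a known
          # advisory at this severity or higher (assumed threshold).
          fail-on-severity: moderate
          # Also fail if a new dependency carries one of these SPDX licenses
          # (assumed policy; adjust to your organisation's rules).
          deny-licenses: GPL-3.0, AGPL-3.0
          # Post the findings as a PR comment so reviewers see them inline.
          comment-summary-in-pr: always
```

Because the check runs as a status on the pull request, the way to actually stop the merge is to mark this job as a required status check in branch protection or a repository ruleset; without that, a failing run is only advisory.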

Lab 5 - Hands-on with Secret Scanning

This lab will have you utilize Secret Scanning with Push Protection to prevent secrets from entering the codebase.

  • Get started here - Lab 5

Lab 6 - Hands-on with Security Overview

This lab will teach you how to use the Security Overview effectively to review alerts and coverage across an organization.

  • Get started here - Lab 6

Extra Credit: Advanced CodeQL Setup

This open-ended extra credit lab will have you switch to the advanced CodeQL setup.


Extra Credit: Custom Patterns for Secret Scanning

This open-ended extra credit lab will have you create a custom secret scanning pattern.


📖 Resources

About

Securing your Code with GitHub workshop
