
GitHub Advanced Security essential guides and tutorials - GitHub Resources

<!DOCTYPE html><html dir="ltr" lang="en-US"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width"/><meta http-equiv="Content-Security-Policy" content="default-src &#x27;none&#x27;; script-src &#x27;self&#x27; analytics.githubassets.com ghcc.githubassets.com js.monitor.azure.com/scripts/c/ms.analytics-web-4.min.js www.youtube.com; style-src &#x27;self&#x27; &#x27;unsafe-inline&#x27;; connect-src &#x27;self&#x27; browser.events.data.microsoft.com collector.githubapp.com edge.fullstory.com rs.fullstory.com; font-src &#x27;self&#x27; data:; img-src &#x27;self&#x27; data: github.githubassets.com images.ctfassets.net rs.fullstory.com ad.doubleclick.net pixel.quantserve.com sp.analytics.yahoo.com www.facebook.com px.ads.linkedin.com alb.reddit.com px4.ads.linkedin.com adservice.google.com; manifest-src &#x27;self&#x27;; frame-src &#x27;self&#x27; www.youtube.com player.vimeo.com play.vidyard.com octocaptcha.com; media-src &#x27;self&#x27;;"/><link rel="canonical" href="https://resources.github.com/learn/pathways/security/essentials/essentials-github-advanced-security/"/><meta name="ha-url" content="https://collector.githubapp.com/resources/collect"/><meta name="ghcc-locale" content="en-US"/><link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png"/><link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png"/><link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png"/><link rel="manifest" href="/site.webmanifest"/><link rel="mask-icon" href="/safari-pinned-tab.svg" color="#ab3f8b"/><meta name="apple-mobile-web-app-title" content="GitHub Resources"/><meta name="application-name" content="GitHub Resources"/><meta name="msapplication-TileColor" content="#ab3f8b"/><meta name="theme-color" content="#151920"/><meta name="twitter:card" content="summary_large_image"/><meta name="twitter:site" content="@github"/><meta name="twitter:creator" content="@GitHub"/><meta property="og:url" 
content="https://resources.github.com/learn/pathways/security/essentials/essentials-github-advanced-security/"/><meta property="og:type" content="website"/><meta property="og:locale" content="en_US"/><meta property="og:site_name" content="GitHub Resources"/><title>GitHub Advanced Security essential guides and tutorials - GitHub Resources</title><meta name="robots" content="index,follow"/><meta name="description" content="Learn the basics and start automating your application security testing and remediation with GitHub Advanced Security in just a few clicks."/><meta property="og:title" content="GitHub Advanced Security essential guides and tutorials"/><meta property="og:description" content="Learn the basics and start automating your application security testing and remediation with GitHub Advanced Security in just a few clicks."/><meta property="og:image" content="https://images.ctfassets.net/wfutmusr1t3h/2c5pvD8RaUBtqrcEULhGV9/05d3a8abb0117edb962d6a5b0507b275/PrimaryLP_1200x630px_2x.png"/><meta property="og:image:alt" content="GitHub logo Learning Pathways with swirling multicolored shapes"/><meta property="og:image:width" content="1200"/><meta property="og:image:height" content="630"/><meta name="ha-page-type" content="marketing"/><meta name="next-head-count" content="32"/><link data-next-font="" rel="preconnect" href="/" crossorigin="anonymous"/><link rel="preload" href="/_next/static/css/238ca3e7f90c682f.css" as="style"/><link rel="stylesheet" href="/_next/static/css/238ca3e7f90c682f.css" data-n-g=""/><link rel="preload" href="/_next/static/css/c2a527101433f11d.css" as="style"/><link rel="stylesheet" href="/_next/static/css/c2a527101433f11d.css" data-n-p=""/><noscript data-n-css=""></noscript><script defer="" nomodule="" src="/_next/static/chunks/polyfills-78c92fac7aa8fdd8.js"></script><script src="https://ghcc.githubassets.com/ghcc.min.js" defer="" data-nscript="beforeInteractive"></script><script src="/_next/static/chunks/webpack-38cee4c0e358b1a3.js" 
defer=""></script><script src="/_next/static/chunks/framework-49c6cecf1f6d5795.js" defer=""></script><script src="/_next/static/chunks/main-43041a92397b9ba5.js" defer=""></script><script src="/_next/static/chunks/pages/_app-4918fa68b0b899e4.js" defer=""></script><script src="/_next/static/chunks/285-f0ec2e7d96e240db.js" defer=""></script><script src="/_next/static/chunks/pages/%5B...path%5D-4685a8a8e88aa8ea.js" defer=""></script><script src="/_next/static/ZokmF09g2SkORXwoG0TZr/_buildManifest.js" defer=""></script><script src="/_next/static/ZokmF09g2SkORXwoG0TZr/_ssgManifest.js" defer=""></script></head><body><div id="__next"><div data-color-mode="light" class="d-flex flex-column"><div id="site-navigation-container" data-color-mode="light" data-light-theme="light" style="z-index:999" class="site-navigation-container position-fixed top-0 width-full color-bg-transparent"><div class="position-relative site-navigation-container--background"><div class="position-absolute nav-dropdown color-bg-white" data-color-mode="light" data-light-theme="light"><div class="container-xl"><form class="d-flex flex-column"><button class="btn-link flex-self-end Link--muted" type="button" aria-label="Close dropdown" data-analytics-click="Search,search pane closed, query: "><svg aria-hidden="true" role="img" class="octicon octicon-x" viewBox="0 0 24 24" width="36" height="36" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path fill-rule="evenodd" d="M5.72 5.72a.75.75 0 011.06 0L12 10.94l5.22-5.22a.75.75 0 111.06 1.06L13.06 12l5.22 5.22a.75.75 0 11-1.06 1.06L12 13.06l-5.22 5.22a.75.75 0 01-1.06-1.06L10.94 12 5.72 6.78a.75.75 0 010-1.06z"></path></svg></button><div class="d-flex flex-column flex-md-row flex-items-center"><input type="text" class="search-input form-control input-lg color-bg-transparent color-fg-muted flex-1 width-full mb-3 mb-md-0 mr-0 mr-md-3" placeholder="What are you looking for?" 
autofocus="" value=""/><button class="btn-mktg arrow-target-mktg flex-shrink-0 width-full width-md-auto">Search</button></div></form></div></div><ul class="position-absolute nav-dropdown mobile-nav pt-8 pb-4 color-bg-dark color-fg-white d-lg-none" data-color-mode="dark" data-dark-theme="dark"><div class="container-sm px-6 overflow-auto height-full"><div class="d-flex flex-column color-bg-dark height-full flex-justify-between"><div></div><div class="d-flex flex-column d-md-none"></div></div></div></ul><header data-testid="site-navigation-mobile" class="site-navigation d-lg-none"><nav class="container-xl py-1" aria-label="Site navigation"><div class="d-flex flex-items-center flex-justify-between"><a title="Visit GitHub Resources" class="gh-icon Header-link" data-testid="navigation-home-link-mobile" href="/"><svg aria-hidden="true" role="img" class="octicon octicon-mark-github" viewBox="0 0 16 16" width="32" height="32" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path fill-rule="evenodd" d="M8 0C3.58 0 0 3.58 0 8c0 3.54 2.29 6.53 5.47 7.59.4.07.55-.17.55-.38 0-.19-.01-.82-.01-1.49-2.01.37-2.53-.49-2.69-.94-.09-.23-.48-.94-.82-1.13-.28-.15-.68-.52-.01-.53.63-.01 1.08.58 1.23.82.72 1.21 1.87.87 2.33.66.07-.52.28-.87.51-1.07-1.78-.2-3.64-.89-3.64-3.95 0-.87.31-1.59.82-2.15-.08-.2-.36-1.02.08-2.12 0 0 .67-.21 2.2.82.64-.18 1.32-.27 2-.27.68 0 1.36.09 2 .27 1.53-1.04 2.2-.82 2.2-.82.44 1.1.16 1.92.08 2.12.51.56.82 1.27.82 2.15 0 3.07-1.87 3.75-3.65 3.95.29.25.54.73.54 1.48 0 1.07-.01 1.93-.01 2.2 0 .21.15.46.55.38A8.013 8.013 0 0016 8c0-4.42-3.58-8-8-8z"></path></svg></a><div class="d-none d-md-flex d-lg-none"></div></div></nav></header><header data-testid="site-navigation" class="site-navigation"><nav class="container-xl py-1 d-none d-lg-flex flex-items-center flex-justify-between" aria-label="Site navigation"><ul class="d-flex flex-items-center"><li><a href="https://github.com" target="_blank" 
rel="noreferrer" class="gh-icon Header-link d-none d-lg-block py-3 position-relative" aria-label="GitHub homepage"><svg aria-hidden="true" role="img" class="nav-back-arrow position-absolute" viewBox="0 0 24 24" width="32" height="32" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path fill-rule="evenodd" d="M15.28 5.22a.75.75 0 00-1.06 0l-6.25 6.25a.75.75 0 000 1.06l6.25 6.25a.75.75 0 101.06-1.06L9.56 12l5.72-5.72a.75.75 0 000-1.06z"></path></svg><svg aria-hidden="true" role="img" class="octicon octicon-mark-github" viewBox="0 0 16 16" width="32" height="32" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path fill-rule="evenodd" d="M8 0C3.58 0 0 3.58 0 8c0 3.54 2.29 6.53 5.47 7.59.4.07.55-.17.55-.38 0-.19-.01-.82-.01-1.49-2.01.37-2.53-.49-2.69-.94-.09-.23-.48-.94-.82-1.13-.28-.15-.68-.52-.01-.53.63-.01 1.08.58 1.23.82.72 1.21 1.87.87 2.33.66.07-.52.28-.87.51-1.07-1.78-.2-3.64-.89-3.64-3.95 0-.87.31-1.59.82-2.15-.08-.2-.36-1.02.08-2.12 0 0 .67-.21 2.2.82.64-.18 1.32-.27 2-.27.68 0 1.36.09 2 .27 1.53-1.04 2.2-.82 2.2-.82.44 1.1.16 1.92.08 2.12.51.56.82 1.27.82 2.15 0 3.07-1.87 3.75-3.65 3.95.29.25.54.73.54 1.48 0 1.07-.01 1.93-.01 2.2 0 .21.15.46.55.38A8.013 8.013 0 0016 8c0-4.42-3.58-8-8-8z"></path></svg></a></li><li class="d-flex flex-items-center"><span class="ml-3 f1-mktg f2-md-mktg opacity-30">/</span><a data-testid="navigation-home-link" data-analytics-click="Navigation, go to homepage" class="d-none d-lg-inline-block Header-link font-weight-semibold p-3 f2" aria-label="GitHub resources homepage" href="/">Resources</a></li></ul><ul class="d-flex flex-items-center"></ul><div class="site-navigation--background position-absolute top-0 bottom-0 left-0 right-0"></div></nav></header></div></div><main class="flex-1 position-relative"><div class="mkt-landing-page pb-8"><div class="flex-1 position-relative"><section class="color-bg-dark 
color-fg-white text-center pb-10 pt-16 px-3 guide-header mb-8" data-nav=""><span style="box-sizing:border-box;display:block;overflow:hidden;width:initial;height:initial;background:none;opacity:1;border:0;margin:0;padding:0;position:absolute;top:0;left:0;bottom:0;right:0"><img alt="Guards guarding a castle" src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" decoding="async" data-nimg="fill" style="position:absolute;top:0;left:0;bottom:0;right:0;box-sizing:border-box;padding:0;border:none;margin:auto;display:block;width:0;height:0;min-width:100%;max-width:100%;min-height:100%;max-height:100%;object-fit:cover"/><noscript><img alt="Guards guarding a castle" loading="lazy" decoding="async" data-nimg="fill" style="position:absolute;top:0;left:0;bottom:0;right:0;box-sizing:border-box;padding:0;border:none;margin:auto;display:block;width:0;height:0;min-width:100%;max-width:100%;min-height:100%;max-height:100%;object-fit:cover" sizes="100vw" srcSet="https://images.ctfassets.net/wfutmusr1t3h/4AAODHNOlIYCjXTNkH3Ge0/c5600399cfdfdf54edc6a9b2915f7380/Untitled__4_.png?w=544&amp;q=75 544w, https://images.ctfassets.net/wfutmusr1t3h/4AAODHNOlIYCjXTNkH3Ge0/c5600399cfdfdf54edc6a9b2915f7380/Untitled__4_.png?w=768&amp;q=75 768w, https://images.ctfassets.net/wfutmusr1t3h/4AAODHNOlIYCjXTNkH3Ge0/c5600399cfdfdf54edc6a9b2915f7380/Untitled__4_.png?w=1012&amp;q=75 1012w, https://images.ctfassets.net/wfutmusr1t3h/4AAODHNOlIYCjXTNkH3Ge0/c5600399cfdfdf54edc6a9b2915f7380/Untitled__4_.png?w=1280&amp;q=75 1280w" src="https://images.ctfassets.net/wfutmusr1t3h/4AAODHNOlIYCjXTNkH3Ge0/c5600399cfdfdf54edc6a9b2915f7380/Untitled__4_.png?w=1280&amp;q=75"/></noscript></span></section><div class="d-flex flex-items-start container-xl"><aside class="articles-sidebar sidebar d-none d-md-block mr-6"><p id="guide-sidebar-toc" class="text-mono gradient-fg-purple-red f4-mktg mb-3">Security<span class="sr-only"> table of contents.</span></p><nav 
aria-labelledby="guide-sidebar-toc"><ul class="list-style-none"><li><span class="Primer_Brand__Text-module__Text___pecHN Primer_Brand__Text-module__Text-font--mona-sans___GpzSG Primer_Brand__Text-module__Text--default___DChoE Primer_Brand__Text-module__Text--100___csEom"><button class="py-1 mb-1 border-0 color-bg-transparent width-full" style="display:flex;justify-content:space-between" aria-expanded="false" aria-label="Show the nested links">Essentials<span style="float:right"><svg aria-hidden="true" role="img" class="octicon octicon-chevron-down" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z"></path></svg></span></button></span></li><li><span class="Primer_Brand__Text-module__Text___pecHN Primer_Brand__Text-module__Text-font--mona-sans___GpzSG Primer_Brand__Text-module__Text--default___DChoE Primer_Brand__Text-module__Text--100___csEom"><button class="py-1 mb-1 border-0 color-bg-transparent width-full" style="display:flex;justify-content:space-between" aria-expanded="false" aria-label="Show the nested links">Intermediate<span style="float:right"><svg aria-hidden="true" role="img" class="octicon octicon-chevron-down" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z"></path></svg></span></button></span></li><li><span class="Primer_Brand__Text-module__Text___pecHN Primer_Brand__Text-module__Text-font--mona-sans___GpzSG Primer_Brand__Text-module__Text--default___DChoE Primer_Brand__Text-module__Text--100___csEom"><button class="py-1 mb-1 border-0 
color-bg-transparent width-full" style="display:flex;justify-content:space-between" aria-expanded="false" aria-label="Show the nested links">Advanced<span style="float:right"><svg aria-hidden="true" role="img" class="octicon octicon-chevron-down" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z"></path></svg></span></button></span></li><li><span class="Primer_Brand__Text-module__Text___pecHN Primer_Brand__Text-module__Text-font--mona-sans___GpzSG Primer_Brand__Text-module__Text--default___DChoE Primer_Brand__Text-module__Text--100___csEom"><button class="py-1 mb-1 border-0 color-bg-transparent width-full" style="display:flex;justify-content:space-between" aria-expanded="false" aria-label="Show the nested links">More Learning Pathways<span style="float:right"><svg aria-hidden="true" role="img" class="octicon octicon-chevron-down" viewBox="0 0 16 16" width="16" height="16" fill="currentColor" style="display:inline-block;user-select:none;vertical-align:text-bottom;overflow:visible"><path fill-rule="evenodd" d="M12.78 6.22a.75.75 0 010 1.06l-4.25 4.25a.75.75 0 01-1.06 0L3.22 7.28a.75.75 0 011.06-1.06L8 9.94l3.72-3.72a.75.75 0 011.06 0z"></path></svg></span></button></span></li></ul></nav></aside><main class="Layout-main"><header class="mb-4 mb-md-6"><h1 class="h3-mktg mb-3">Essentials of GitHub Advanced Security</h1></header><div class="text-mono text-left"><div class="d-flex flex-items-center pb-4"><div class="flex-shrink-0 mr-3"><span class="Primer_Brand__Avatar-module__Avatar___QrJMw Primer_Brand__Avatar-module__Avatar--size-48___TvwXR Primer_Brand__Avatar-module__Avatar--shape-circle___VvaB7" data-testid="Avatar"><img class="Primer_Brand__Avatar-module__Avatar__image___AajXN" 
src="//images.ctfassets.net/wfutmusr1t3h/lGT4vwbEHGrEwL3zQIV2c/50e0f8c6862c29566c6fb8dec30b3d42/Nicholas_Liffen_GitHub.jpeg" alt="Nicholas Liffen" data-testid="Avatar__image"/></span></div><div class="d-flex flex-column justify-content-center"><span class="Primer_Brand__Text-module__Text___pecHN Primer_Brand__Text-module__Text-font--mona-sans___GpzSG Primer_Brand__Text-module__Text--default___DChoE Primer_Brand__Text-module__Text--300___TBQTB">Nicholas Liffen<span class="Primer_Brand__Text-module__Text___pecHN Primer_Brand__Text-module__Text-font--mona-sans___GpzSG Primer_Brand__Text-module__Text--muted___lTaVa Primer_Brand__Text-module__Text--300___TBQTB"> // Director, GitHub Advanced Security<!-- --> <!-- -->// GitHub</span></span></div></div></div><div class="markdown-body contained my-4"><p>GitHub Advanced Security (GHAS) is a developer-first application security testing solution that brings GitHub&#x27;s world-class security capabilities to public and private repositories. It provides highly curated detection and remediation capabilities crafted by some of the world&#x27;s best security engineers to ensure your code, secrets, and software supply chain are as secure as possible. Plus, it’s fully automated, so you don&#x27;t have to remember to run GHAS tests or wait for a security review before merging. </p><p class="Primer_Brand__Text-module__Text___pecHN Primer_Brand__Text-module__Text-font--mona-sans___GpzSG Primer_Brand__Text-module__Text--default___DChoE Primer_Brand__Text-module__Text--200___XAIGT">In this module, you’ll get started with GHAS and immediately begin fixing vulnerabilities and preventing future security problems. All it takes is a few clicks! 
To help us along the way, we’ll be joined by Justin Watts, director of engineering productivity at Canadian telecom TELUS, who will share insights and best practices.</p><p class="Primer_Brand__Text-module__Text___pecHN Primer_Brand__Text-module__Text-font--mona-sans___GpzSG Primer_Brand__Text-module__Text--default___DChoE Primer_Brand__Text-module__Text--200___XAIGT"> </p><p class="Primer_Brand__Text-module__Text___pecHN Primer_Brand__Text-module__Text-font--mona-sans___GpzSG Primer_Brand__Text-module__Text--default___DChoE Primer_Brand__Text-module__Text--200___XAIGT">By the end of this module, you’ll understand the detection methods GHAS includes, the differences between its key features, how to enable those key features with their default settings at the repository level, and how to start viewing results and remediating vulnerabilities.&nbsp;</p><p class="Primer_Brand__Text-module__Text___pecHN Primer_Brand__Text-module__Text-font--mona-sans___GpzSG Primer_Brand__Text-module__Text--default___DChoE Primer_Brand__Text-module__Text--200___XAIGT"></p><h2>Prerequisites</h2><p class="Primer_Brand__Text-module__Text___pecHN Primer_Brand__Text-module__Text-font--mona-sans___GpzSG Primer_Brand__Text-module__Text--default___DChoE Primer_Brand__Text-module__Text--200___XAIGT"> </p><ul><li><p class="Primer_Brand__Text-module__Text___pecHN Primer_Brand__Text-module__Text-font--mona-sans___GpzSG Primer_Brand__Text-module__Text--default___DChoE Primer_Brand__Text-module__Text--200___XAIGT">A GitHub Advanced Security license</p></li><li><p class="Primer_Brand__Text-module__Text___pecHN Primer_Brand__Text-module__Text-font--mona-sans___GpzSG Primer_Brand__Text-module__Text--default___DChoE Primer_Brand__Text-module__Text--200___XAIGT">Repository admin or organization Security Manager permissions</p></li><li><p class="Primer_Brand__Text-module__Text___pecHN Primer_Brand__Text-module__Text-font--mona-sans___GpzSG Primer_Brand__Text-module__Text--default___DChoE 
Primer_Brand__Text-module__Text--200___XAIGT">Basic knowledge of GitHub, such as forking repositories and committing changes</p></li></ul><p class="Primer_Brand__Text-module__Text___pecHN Primer_Brand__Text-module__Text-font--mona-sans___GpzSG Primer_Brand__Text-module__Text--default___DChoE Primer_Brand__Text-module__Text--200___XAIGT"> </p><p class="Primer_Brand__Text-module__Text___pecHN Primer_Brand__Text-module__Text-font--mona-sans___GpzSG Primer_Brand__Text-module__Text--default___DChoE Primer_Brand__Text-module__Text--200___XAIGT">In this module, we will be using an example application called <a href="https://github.com/juice-shop/juice-shop" class="Primer_Brand__InlineLink-module__InlineLink___U_Ama">OWASP Juice Shop</a> to explore the features of GitHub Advanced Security. Juice Shop is an open source, deliberately insecure application widely used for security testing and benchmarking.</p><p class="Primer_Brand__Text-module__Text___pecHN Primer_Brand__Text-module__Text-font--mona-sans___GpzSG Primer_Brand__Text-module__Text--default___DChoE Primer_Brand__Text-module__Text--200___XAIGT"> </p><h2>Essentials module overview</h2><p class="Primer_Brand__Text-module__Text___pecHN Primer_Brand__Text-module__Text-font--mona-sans___GpzSG Primer_Brand__Text-module__Text--default___DChoE Primer_Brand__Text-module__Text--200___XAIGT"> </p><h3>Guide 1: <a href="https://resources.github.com/learn/pathways/security/essentials/application-security-testing-github-advanced-security" class="Primer_Brand__InlineLink-module__InlineLink___U_Ama">Understanding GitHub Advanced Security</a></h3><p class="Primer_Brand__Text-module__Text___pecHN Primer_Brand__Text-module__Text-font--mona-sans___GpzSG Primer_Brand__Text-module__Text--default___DChoE Primer_Brand__Text-module__Text--200___XAIGT">Learn about the detection methods GHAS includes, how the different features help secure various parts of your software, and what capabilities are available to report on your security 
progress.</p><p class="Primer_Brand__Text-module__Text___pecHN Primer_Brand__Text-module__Text-font--mona-sans___GpzSG Primer_Brand__Text-module__Text--default___DChoE Primer_Brand__Text-module__Text--200___XAIGT"> </p><h3>Guide 2: <a href="https://resources.github.com/learn/pathways/security/essentials/enabling-github-advanced-security" class="Primer_Brand__InlineLink-module__InlineLink___U_Ama">Enabling GitHub Advanced Security</a></h3><p class="Primer_Brand__Text-module__Text___pecHN Primer_Brand__Text-module__Text-font--mona-sans___GpzSG Primer_Brand__Text-module__Text--default___DChoE Primer_Brand__Text-module__Text--200___XAIGT">How to enable GitHub Advanced Security at the repository level, including code scanning, CodeQL, dependency review, and secret scanning.</p><p class="Primer_Brand__Text-module__Text___pecHN Primer_Brand__Text-module__Text-font--mona-sans___GpzSG Primer_Brand__Text-module__Text--default___DChoE Primer_Brand__Text-module__Text--200___XAIGT"> </p><h3>Guide 3: <a href="https://resources.github.com/learn/pathways/security/essentials/reviewing-github-advanced-security-scan-results" class="Primer_Brand__InlineLink-module__InlineLink___U_Ama">Reviewing GitHub Advanced Security scan results</a></h3><p class="Primer_Brand__Text-module__Text___pecHN Primer_Brand__Text-module__Text-font--mona-sans___GpzSG Primer_Brand__Text-module__Text--default___DChoE Primer_Brand__Text-module__Text--200___XAIGT">How to view results from code scanning, secret scanning, and Dependabot; how to dismiss false positives in secret scanning; and how to automatically remediate vulnerabilities with Dependabot.</p><p class="Primer_Brand__Text-module__Text___pecHN Primer_Brand__Text-module__Text-font--mona-sans___GpzSG Primer_Brand__Text-module__Text--default___DChoE Primer_Brand__Text-module__Text--200___XAIGT"> </p><h2>Industry expert insights from:</h2><p class="Primer_Brand__Text-module__Text___pecHN Primer_Brand__Text-module__Text-font--mona-sans___GpzSG 
Primer_Brand__Text-module__Text--default___DChoE Primer_Brand__Text-module__Text--200___XAIGT"> <b>TELUS: </b>TELUS is a leading communications and information technology provider in Canada, responsible for powering essential services for over 35 million people across the country. With a diverse team of 78,000, including nearly 5,000 developers, analysts, and technicians, TELUS faces the monumental task of unifying various tools and technologies. By adopting GitHub, they centralized their software development, streamlined testing through GitHub Actions, and enhanced security protocols. This has resulted in significant time savings and elevated code quality across their workforce of nearly 5,000 tech professionals.</p><h3>Begin Guide 1: <a href="https://resources.github.com/learn/pathways/security/essentials/application-security-testing-github-advanced-security/" class="Primer_Brand__InlineLink-module__InlineLink___U_Ama">Understanding GitHub Advanced Security</a></h3><p class="Primer_Brand__Text-module__Text___pecHN Primer_Brand__Text-module__Text-font--mona-sans___GpzSG Primer_Brand__Text-module__Text--default___DChoE Primer_Brand__Text-module__Text--200___XAIGT"></p></div></main></div></div></div></main></div></div><script id="__NEXT_DATA__" 
type="application/json">{"props":{"pageProps":{"page":{"metadata":{"tags":[],"concepts":[]},"sys":{"space":{"sys":{"type":"Link","linkType":"Space","id":"wfutmusr1t3h"}},"id":"596tdaUFdZcXOtJv6lPlOs","type":"Entry","createdAt":"2023-09-22T22:35:07.992Z","updatedAt":"2023-09-22T22:35:07.992Z","environment":{"sys":{"id":"master","type":"Link","linkType":"Environment"}},"publishedVersion":11,"revision":1,"contentType":{"sys":{"type":"Link","linkType":"ContentType","id":"page"}}},"fields":{"path":"/learn/pathways/security/essentials/essentials-github-advanced-security","content":{"metadata":{"tags":[],"concepts":[]},"sys":{"space":{"sys":{"type":"Link","linkType":"Space","id":"wfutmusr1t3h"}},"id":"4QDcvCvchJNQwOLPcL6Fte","type":"Entry","createdAt":"2023-09-22T22:35:08.084Z","updatedAt":"2024-11-05T13:58:04.187Z","environment":{"sys":{"id":"master","type":"Link","linkType":"Environment"}},"publishedVersion":110,"revision":33,"contentType":{"sys":{"type":"Link","linkType":"ContentType","id":"guidePage"}}},"fields":{"internalTitle":"S100-0 Essentials of GitHub Advanced Security","hero":{"metadata":{"tags":[],"concepts":[]},"sys":{"space":{"sys":{"type":"Link","linkType":"Space","id":"wfutmusr1t3h"}},"id":"3DVCeXIc8wOqsaaa8nYReG","type":"Entry","createdAt":"2023-09-22T22:35:08.203Z","updatedAt":"2023-09-22T22:35:08.203Z","environment":{"sys":{"id":"master","type":"Link","linkType":"Environment"}},"publishedVersion":4,"revision":1,"contentType":{"sys":{"type":"Link","linkType":"ContentType","id":"sectionHero"}}},"fields":{"title":"Essentials of GitHub Advanced Security - 
Hero","hero":{"metadata":{"tags":[],"concepts":[]},"sys":{"space":{"sys":{"type":"Link","linkType":"Space","id":"wfutmusr1t3h"}},"id":"1gm1miLPjaUT56PTkAlaHo","type":"Entry","createdAt":"2023-09-22T22:35:08.226Z","updatedAt":"2024-11-21T19:04:49.661Z","environment":{"sys":{"id":"master","type":"Link","linkType":"Environment"}},"publishedVersion":88,"revision":41,"contentType":{"sys":{"type":"Link","linkType":"ContentType","id":"primerComponentHero"}}},"fields":{"title":"Essentials of GitHub Advanced Security - Hero","heading":"Essentials of GitHub Advanced Security","text":"GitHub Advanced Security (GHAS) is a developer-first application security testing solution that brings GitHub's world-class security capabilities to public and private repositories. It provides highly curated detection and remediation capabilities crafted by some of the world's best security engineers to ensure your code, secrets, and software supply chain are as secure as possible. Plus, it’s fully automated, so you don't have to remember to run GHAS tests or wait for a security review before merging.\n","align":"Left"}},"backgroundImage":{"metadata":{"tags":[],"concepts":[]},"sys":{"space":{"sys":{"type":"Link","linkType":"Space","id":"wfutmusr1t3h"}},"id":"4AAODHNOlIYCjXTNkH3Ge0","type":"Asset","createdAt":"2023-09-22T22:35:07.965Z","updatedAt":"2023-09-22T22:35:07.965Z","environment":{"sys":{"id":"master","type":"Link","linkType":"Environment"}},"publishedVersion":9,"revision":1},"fields":{"title":"Learning Pathways - Security - Essentials of GitHub Advanced Security","description":"Guards guarding a castle","file":{"url":"//images.ctfassets.net/wfutmusr1t3h/4AAODHNOlIYCjXTNkH3Ge0/c5600399cfdfdf54edc6a9b2915f7380/Untitled__4_.png","details":{"size":441292,"image":{"width":1500,"height":500}},"fileName":"Untitled 
(4).png","contentType":"image/png"}}},"theme":"light"}},"sidebar":{"metadata":{"tags":[],"concepts":[]},"sys":{"space":{"sys":{"type":"Link","linkType":"Space","id":"wfutmusr1t3h"}},"id":"6XWkwiI7xdkMUhEo922BIl","type":"Entry","createdAt":"2023-09-22T22:35:08.247Z","updatedAt":"2024-11-05T14:01:05.208Z","environment":{"sys":{"id":"master","type":"Link","linkType":"Environment"}},"publishedVersion":61,"revision":29,"contentType":{"sys":{"type":"Link","linkType":"ContentType","id":"guideSidebar"}}},"fields":{"title":"Security","links":[{"metadata":{"tags":[],"concepts":[]},"sys":{"space":{"sys":{"type":"Link","linkType":"Space","id":"wfutmusr1t3h"}},"id":"53mcmG19ZgTsMoNwEEAo5W","type":"Entry","createdAt":"2023-09-22T22:35:08.338Z","updatedAt":"2024-11-05T14:01:07.812Z","environment":{"sys":{"id":"master","type":"Link","linkType":"Environment"}},"publishedVersion":82,"revision":34,"contentType":{"sys":{"type":"Link","linkType":"ContentType","id":"guideLink"}}},"fields":{"text":"Essentials","href":"#","nestedLinks":[{"metadata":{"tags":[],"concepts":[]},"sys":{"space":{"sys":{"type":"Link","linkType":"Space","id":"wfutmusr1t3h"}},"id":"53MlvHtpiKmtfEPfQxZ4OM","type":"Entry","createdAt":"2023-09-28T17:57:21.339Z","updatedAt":"2024-11-05T14:01:10.396Z","environment":{"sys":{"id":"master","type":"Link","linkType":"Environment"}},"publishedVersion":69,"revision":33,"contentType":{"sys":{"type":"Link","linkType":"ContentType","id":"guideLink"}}},"fields":{"text":"Essentials of security: Begin with the 
Basics","href":"https://resources.github.com/learn/pathways/security/essentials/essentials-github-advanced-security/"}},{"metadata":{"tags":[],"concepts":[]},"sys":{"space":{"sys":{"type":"Link","linkType":"Space","id":"wfutmusr1t3h"}},"id":"3FR33HJ5q3aEKtaemHaaK4","type":"Entry","createdAt":"2023-09-22T22:35:08.359Z","updatedAt":"2024-11-05T14:01:16.019Z","environment":{"sys":{"id":"master","type":"Link","linkType":"Environment"}},"publishedVersion":73,"revision":33,"contentType":{"sys":{"type":"Link","linkType":"ContentType","id":"guideLink"}}},"fields":{"text":"Guide 1: Understanding GitHub Advanced Security","href":"/learn/pathways/security/essentials/application-security-testing-github-advanced-security"}},{"metadata":{"tags":[],"concepts":[]},"sys":{"space":{"sys":{"type":"Link","linkType":"Space","id":"wfutmusr1t3h"}},"id":"1gVNiCritY9HJC6g9Q2OOE","type":"Entry","createdAt":"2023-09-22T22:35:08.377Z","updatedAt":"2024-11-05T14:01:18.571Z","environment":{"sys":{"id":"master","type":"Link","linkType":"Environment"}},"publishedVersion":73,"revision":33,"contentType":{"sys":{"type":"Link","linkType":"ContentType","id":"guideLink"}}},"fields":{"text":"Guide 2: Enabling GitHub Advanced Security","href":"/learn/pathways/security/essentials/enabling-github-advanced-security"}},{"metadata":{"tags":[],"concepts":[]},"sys":{"space":{"sys":{"type":"Link","linkType":"Space","id":"wfutmusr1t3h"}},"id":"33qwN9teVTywElQBE73mBY","type":"Entry","createdAt":"2023-09-22T22:35:08.397Z","updatedAt":"2024-11-05T14:01:21.186Z","environment":{"sys":{"id":"master","type":"Link","linkType":"Environment"}},"publishedVersion":71,"revision":33,"contentType":{"sys":{"type":"Link","linkType":"ContentType","id":"guideLink"}}},"fields":{"text":"Guide 3: Reviewing GitHub Advanced Security scan 
results","href":"/learn/pathways/security/essentials/reviewing-github-advanced-security-scan-results"}},{"metadata":{"tags":[],"concepts":[]},"sys":{"space":{"sys":{"type":"Link","linkType":"Space","id":"wfutmusr1t3h"}},"id":"4aXkaA8Jbs9WYnHEGqVKYr","type":"Entry","createdAt":"2023-09-22T22:35:08.427Z","updatedAt":"2024-11-05T14:01:23.866Z","environment":{"sys":{"id":"master","type":"Link","linkType":"Environment"}},"publishedVersion":74,"revision":33,"contentType":{"sys":{"type":"Link","linkType":"ContentType","id":"guideLink"}}},"fields":{"text":"Essentials module on GitHub Advanced Security wrap-up","href":"/learn/pathways/security/essentials/github-advanced-security-essentials-wrap-up"}}]}},{"metadata":{"tags":[],"concepts":[]},"sys":{"space":{"sys":{"type":"Link","linkType":"Space","id":"wfutmusr1t3h"}},"id":"1LXbWRV0eKeiMC3kPbYc1F","type":"Entry","createdAt":"2023-09-22T22:35:08.451Z","updatedAt":"2024-11-05T14:01:26.371Z","environment":{"sys":{"id":"master","type":"Link","linkType":"Environment"}},"publishedVersion":79,"revision":34,"contentType":{"sys":{"type":"Link","linkType":"ContentType","id":"guideLink"}}},"fields":{"text":"Intermediate","href":"#","nestedLinks":[{"metadata":{"tags":[],"concepts":[]},"sys":{"space":{"sys":{"type":"Link","linkType":"Space","id":"wfutmusr1t3h"}},"id":"6JgiUT3XStTeQsGjHf5Mzp","type":"Entry","createdAt":"2023-09-28T17:57:21.395Z","updatedAt":"2024-11-05T14:01:29.032Z","environment":{"sys":{"id":"master","type":"Link","linkType":"Environment"}},"publishedVersion":68,"revision":33,"contentType":{"sys":{"type":"Link","linkType":"ContentType","id":"guideLink"}}},"fields":{"text":"Intermediate security: Continue your 
journey","href":"/learn/pathways/security/intermediate/intermediate-guides-github-advanced-security"}},{"metadata":{"tags":[],"concepts":[]},"sys":{"space":{"sys":{"type":"Link","linkType":"Space","id":"wfutmusr1t3h"}},"id":"7anHuslK5cFDXXhYasHCvb","type":"Entry","createdAt":"2023-09-22T22:35:08.512Z","updatedAt":"2024-11-05T14:01:31.376Z","environment":{"sys":{"id":"master","type":"Link","linkType":"Environment"}},"publishedVersion":70,"revision":33,"contentType":{"sys":{"type":"Link","linkType":"ContentType","id":"guideLink"}}},"fields":{"text":"Guide 1: Advanced CodeQL setup","href":"/learn/pathways/security/intermediate/codeql-advanced-setup"}},{"metadata":{"tags":[],"concepts":[]},"sys":{"space":{"sys":{"type":"Link","linkType":"Space","id":"wfutmusr1t3h"}},"id":"1NCyrcJbYCGdHeJumxTZiY","type":"Entry","createdAt":"2023-09-22T22:35:08.534Z","updatedAt":"2024-11-05T14:01:34.032Z","environment":{"sys":{"id":"master","type":"Link","linkType":"Environment"}},"publishedVersion":69,"revision":33,"contentType":{"sys":{"type":"Link","linkType":"ContentType","id":"guideLink"}}},"fields":{"text":"Guide 2: Fine-tune testing scope with CodeQL ","href":"/learn/pathways/security/intermediate/fine-tune-testing-scope-with-codeql"}},{"metadata":{"tags":[],"concepts":[]},"sys":{"space":{"sys":{"type":"Link","linkType":"Space","id":"wfutmusr1t3h"}},"id":"6wtE6ongGYLzaJggB3wcwZ","type":"Entry","createdAt":"2023-09-22T22:35:08.552Z","updatedAt":"2024-11-05T14:01:36.565Z","environment":{"sys":{"id":"master","type":"Link","linkType":"Environment"}},"publishedVersion":70,"revision":33,"contentType":{"sys":{"type":"Link","linkType":"ContentType","id":"guideLink"}}},"fields":{"text":"Guide 3: Extend your testing with third-party tools with GitHub code 
scanning","href":"/learn/pathways/security/intermediate/third-party-tools-integration-code-scanning"}},{"metadata":{"tags":[],"concepts":[]},"sys":{"space":{"sys":{"type":"Link","linkType":"Space","id":"wfutmusr1t3h"}},"id":"5e4Rl6gw8lNIGisZ0SY0cB","type":"Entry","createdAt":"2023-09-22T22:35:08.567Z","updatedAt":"2024-11-05T14:01:39.028Z","environment":{"sys":{"id":"master","type":"Link","linkType":"Environment"}},"publishedVersion":70,"revision":33,"contentType":{"sys":{"type":"Link","linkType":"ContentType","id":"guideLink"}}},"fields":{"text":"Guide 4: Customizing the scope of secret scanning","href":"/learn/pathways/security/intermediate/customizing-secret-scanning-scope"}},{"metadata":{"tags":[],"concepts":[]},"sys":{"space":{"sys":{"type":"Link","linkType":"Space","id":"wfutmusr1t3h"}},"id":"5YJ6xU4J41yGTphobMwNLH","type":"Entry","createdAt":"2023-09-22T22:35:08.583Z","updatedAt":"2024-11-05T14:01:41.561Z","environment":{"sys":{"id":"master","type":"Link","linkType":"Environment"}},"publishedVersion":70,"revision":33,"contentType":{"sys":{"type":"Link","linkType":"ContentType","id":"guideLink"}}},"fields":{"text":"Guide 5: Customize dependency review configuration","href":"/learn/pathways/security/intermediate/customize-dependency-review-configuration"}},{"metadata":{"tags":[],"concepts":[]},"sys":{"space":{"sys":{"type":"Link","linkType":"Space","id":"wfutmusr1t3h"}},"id":"1orz4rBUz3uY9x5z7iJIuK","type":"Entry","createdAt":"2023-09-22T22:35:08.605Z","updatedAt":"2024-11-05T14:01:44.492Z","environment":{"sys":{"id":"master","type":"Link","linkType":"Environment"}},"publishedVersion":72,"revision":33,"contentType":{"sys":{"type":"Link","linkType":"ContentType","id":"guideLink"}}},"fields":{"text":"Intermediate module on GitHub Advanced Security 
wrap-up","href":"/learn/pathways/security/intermediate/intermediate-security-module-wrap-up"}}]}},{"metadata":{"tags":[],"concepts":[]},"sys":{"space":{"sys":{"type":"Link","linkType":"Space","id":"wfutmusr1t3h"}},"id":"3BktEGh7bBRM7f75nBHxg4","type":"Entry","createdAt":"2023-09-22T22:35:08.623Z","updatedAt":"2024-11-05T14:01:53.004Z","environment":{"sys":{"id":"master","type":"Link","linkType":"Environment"}},"publishedVersion":81,"revision":35,"contentType":{"sys":{"type":"Link","linkType":"ContentType","id":"guideLink"}}},"fields":{"text":"Advanced","href":"#","nestedLinks":[{"metadata":{"tags":[],"concepts":[]},"sys":{"space":{"sys":{"type":"Link","linkType":"Space","id":"wfutmusr1t3h"}},"id":"2fP3eA7vPxY0T2JuAAG3Xd","type":"Entry","createdAt":"2023-09-28T17:57:21.414Z","updatedAt":"2024-11-05T14:01:55.828Z","environment":{"sys":{"id":"master","type":"Link","linkType":"Environment"}},"publishedVersion":67,"revision":33,"contentType":{"sys":{"type":"Link","linkType":"ContentType","id":"guideLink"}}},"fields":{"text":"Advanced security: Become the expert","href":"/learn/pathways/security/advanced/advanced-module-github-advanced-security"}},{"metadata":{"tags":[],"concepts":[]},"sys":{"space":{"sys":{"type":"Link","linkType":"Space","id":"wfutmusr1t3h"}},"id":"3eDAWMsHiA2M7dqjGiBwN8","type":"Entry","createdAt":"2023-09-22T22:35:08.645Z","updatedAt":"2024-11-05T14:01:58.450Z","environment":{"sys":{"id":"master","type":"Link","linkType":"Environment"}},"publishedVersion":71,"revision":33,"contentType":{"sys":{"type":"Link","linkType":"ContentType","id":"guideLink"}}},"fields":{"text":"Guide 1: Create a central CodeQL configuration 
file","href":"/learn/pathways/security/advanced/creating-central-codeql-configuration"}},{"metadata":{"tags":[],"concepts":[]},"sys":{"space":{"sys":{"type":"Link","linkType":"Space","id":"wfutmusr1t3h"}},"id":"77w0DKfMS36admfWKP1X0b","type":"Entry","createdAt":"2023-09-22T22:35:08.664Z","updatedAt":"2024-11-05T14:02:01.151Z","environment":{"sys":{"id":"master","type":"Link","linkType":"Environment"}},"publishedVersion":71,"revision":33,"contentType":{"sys":{"type":"Link","linkType":"ContentType","id":"guideLink"}}},"fields":{"text":"Guide 2: Understand your end-to-end software supply chain","href":"/learn/pathways/security/advanced/understanding-software-supply-chain"}},{"metadata":{"tags":[],"concepts":[]},"sys":{"space":{"sys":{"type":"Link","linkType":"Space","id":"wfutmusr1t3h"}},"id":"L8ycMhpQHcKqAvVH7KVsX","type":"Entry","createdAt":"2023-09-22T22:35:08.683Z","updatedAt":"2024-11-05T14:02:03.832Z","environment":{"sys":{"id":"master","type":"Link","linkType":"Environment"}},"publishedVersion":71,"revision":33,"contentType":{"sys":{"type":"Link","linkType":"ContentType","id":"guideLink"}}},"fields":{"text":"Advanced module on GitHub Advanced Security wrap-up","href":"/learn/pathways/security/advanced/advanced-security-module-wrap-up"}}]}},{"metadata":{"tags":[],"concepts":[]},"sys":{"space":{"sys":{"type":"Link","linkType":"Space","id":"wfutmusr1t3h"}},"id":"5E3xgSxzLnCU0UvPVeGEVg","type":"Entry","createdAt":"2023-09-22T22:35:08.699Z","updatedAt":"2024-11-05T14:02:06.444Z","environment":{"sys":{"id":"master","type":"Link","linkType":"Environment"}},"publishedVersion":75,"revision":35,"contentType":{"sys":{"type":"Link","linkType":"ContentType","id":"guideLink"}}},"fields":{"text":"More Learning 
Pathways","href":"#","nestedLinks":[{"metadata":{"tags":[],"concepts":[]},"sys":{"space":{"sys":{"type":"Link","linkType":"Space","id":"wfutmusr1t3h"}},"id":"1z8RkcTKn6pIVTD1Tb1rmE","type":"Entry","createdAt":"2023-09-22T21:30:24.656Z","updatedAt":"2024-11-05T14:02:09.020Z","environment":{"sys":{"id":"master","type":"Link","linkType":"Environment"}},"publishedVersion":113,"revision":53,"contentType":{"sys":{"type":"Link","linkType":"ContentType","id":"guideLink"}}},"fields":{"text":"Start your automation pathway","href":"/learn/pathways/automation"}},{"metadata":{"tags":[],"concepts":[]},"sys":{"space":{"sys":{"type":"Link","linkType":"Space","id":"wfutmusr1t3h"}},"id":"3FlwdbhjNquuTLKDWb1xaT","type":"Entry","createdAt":"2023-09-22T22:35:08.736Z","updatedAt":"2024-11-05T14:00:44.529Z","environment":{"sys":{"id":"master","type":"Link","linkType":"Environment"}},"publishedVersion":114,"revision":52,"contentType":{"sys":{"type":"Link","linkType":"ContentType","id":"guideLink"}}},"fields":{"text":"Start your governance pathway","href":"/learn/pathways/administration-governance/"}},{"metadata":{"tags":[],"concepts":[]},"sys":{"space":{"sys":{"type":"Link","linkType":"Space","id":"wfutmusr1t3h"}},"id":"3wDJPLZunotkpdqrxZo0Bg","type":"Entry","createdAt":"2024-02-27T17:27:58.016Z","updatedAt":"2024-11-05T14:00:47.234Z","environment":{"sys":{"id":"master","type":"Link","linkType":"Environment"}},"publishedVersion":71,"revision":34,"contentType":{"sys":{"type":"Link","linkType":"ContentType","id":"guideLink"}}},"fields":{"text":"Start your GitHub Copilot 
pathway","href":"/learn/pathways/copilot/essentials/essentials-of-github-copilot"}}]}}]}},"authors":[{"metadata":{"tags":[],"concepts":[]},"sys":{"space":{"sys":{"type":"Link","linkType":"Space","id":"wfutmusr1t3h"}},"id":"1qkBXdtCIFRb44aOyCNYDb","type":"Entry","createdAt":"2023-09-22T22:35:08.755Z","updatedAt":"2024-11-21T18:57:24.467Z","environment":{"sys":{"id":"master","type":"Link","linkType":"Environment"}},"publishedVersion":92,"revision":44,"contentType":{"sys":{"type":"Link","linkType":"ContentType","id":"person"}}},"fields":{"name":"Nicholas Liffen","avatar":{"metadata":{"tags":[],"concepts":[]},"sys":{"space":{"sys":{"type":"Link","linkType":"Space","id":"wfutmusr1t3h"}},"id":"lGT4vwbEHGrEwL3zQIV2c","type":"Asset","createdAt":"2023-09-22T22:35:07.970Z","updatedAt":"2024-03-11T21:05:06.581Z","environment":{"sys":{"id":"master","type":"Link","linkType":"Environment"}},"publishedVersion":8,"revision":2},"fields":{"title":"Nicholas Liffen avatar","description":"Nicholas Liffen avatar","file":{"url":"//images.ctfassets.net/wfutmusr1t3h/lGT4vwbEHGrEwL3zQIV2c/50e0f8c6862c29566c6fb8dec30b3d42/Nicholas_Liffen_GitHub.jpeg","details":{"size":84243,"image":{"width":800,"height":800}},"fileName":"Nicholas Liffen GitHub.jpeg","contentType":"image/jpeg"}}},"title":"Director, GitHub Advanced Security","company":"GitHub"}}],"body":{"data":{},"content":[{"data":{},"content":[{"data":{},"marks":[],"value":"In this module, you’ll get started with GHAS and immediately begin fixing vulnerabilities and preventing future security problems. All it takes is a few clicks! 
To help us along the way, we’ll be joined by Justin Watts, director of engineering productivity at Canadian telecom TELUS, who will share insights and best practices.","nodeType":"text"}],"nodeType":"paragraph"},{"data":{},"content":[{"data":{},"marks":[],"value":"\n","nodeType":"text"}],"nodeType":"paragraph"},{"data":{},"content":[{"data":{},"marks":[],"value":"By the end of this module, you’ll understand the detection methods GHAS includes, the differences between its key features, how to enable those key features with their default settings at the repository level, and how to start viewing results and remediating vulnerabilities.","nodeType":"text"}],"nodeType":"paragraph"},{"data":{},"content":[{"data":{},"marks":[],"value":"","nodeType":"text"}],"nodeType":"paragraph"},{"data":{},"content":[{"data":{},"marks":[],"value":"Prerequisites","nodeType":"text"}],"nodeType":"heading-2"},{"data":{},"content":[{"data":{},"marks":[],"value":"\n","nodeType":"text"}],"nodeType":"paragraph"},{"data":{},"content":[{"data":{},"content":[{"data":{},"content":[{"data":{},"marks":[],"value":"A GitHub Advanced Security license","nodeType":"text"}],"nodeType":"paragraph"}],"nodeType":"list-item"},{"data":{},"content":[{"data":{},"content":[{"data":{},"marks":[],"value":"Repository admin or organization Security Manager permissions","nodeType":"text"}],"nodeType":"paragraph"}],"nodeType":"list-item"},{"data":{},"content":[{"data":{},"content":[{"data":{},"marks":[],"value":"Basic knowledge of GitHub, such as forking repositories and committing changes","nodeType":"text"}],"nodeType":"paragraph"}],"nodeType":"list-item"}],"nodeType":"unordered-list"},{"data":{},"content":[{"data":{},"marks":[],"value":"\n","nodeType":"text"}],"nodeType":"paragraph"},{"data":{},"content":[{"data":{},"marks":[],"value":"In this module, we will be using an example application called 
","nodeType":"text"},{"data":{"uri":"https://github.com/juice-shop/juice-shop"},"content":[{"data":{},"marks":[],"value":"OWASP Juice Shop","nodeType":"text"}],"nodeType":"hyperlink"},{"data":{},"marks":[],"value":" to explore the features of GitHub Advanced Security. Juice Shop is an open source, deliberately insecure application widely used for security testing and benchmarking.","nodeType":"text"}],"nodeType":"paragraph"},{"data":{},"content":[{"data":{},"marks":[],"value":"\n","nodeType":"text"}],"nodeType":"paragraph"},{"data":{},"content":[{"data":{},"marks":[],"value":"Essentials module overview","nodeType":"text"}],"nodeType":"heading-2"},{"data":{},"content":[{"data":{},"marks":[],"value":"\n","nodeType":"text"}],"nodeType":"paragraph"},{"data":{},"content":[{"data":{},"marks":[],"value":"Guide 1: ","nodeType":"text"},{"data":{"uri":"https://resources.github.com/learn/pathways/security/essentials/application-security-testing-github-advanced-security"},"content":[{"data":{},"marks":[],"value":"Understanding GitHub Advanced Security","nodeType":"text"}],"nodeType":"hyperlink"},{"data":{},"marks":[],"value":"","nodeType":"text"}],"nodeType":"heading-3"},{"data":{},"content":[{"data":{},"marks":[],"value":"Learn about the detection methods GHAS includes, how the different features help secure various parts of your software, and what capabilities are available to report on your security progress.","nodeType":"text"}],"nodeType":"paragraph"},{"data":{},"content":[{"data":{},"marks":[],"value":"\n","nodeType":"text"}],"nodeType":"paragraph"},{"data":{},"content":[{"data":{},"marks":[],"value":"Guide 2: ","nodeType":"text"},{"data":{"uri":"https://resources.github.com/learn/pathways/security/essentials/enabling-github-advanced-security"},"content":[{"data":{},"marks":[],"value":"Enabling GitHub Advanced 
Security","nodeType":"text"}],"nodeType":"hyperlink"},{"data":{},"marks":[],"value":"","nodeType":"text"}],"nodeType":"heading-3"},{"data":{},"content":[{"data":{},"marks":[],"value":"How to enable GitHub Advanced Security at the repository level, including code scanning, CodeQL, dependency review, and secret scanning.","nodeType":"text"}],"nodeType":"paragraph"},{"data":{},"content":[{"data":{},"marks":[],"value":"\n","nodeType":"text"}],"nodeType":"paragraph"},{"data":{},"content":[{"data":{},"marks":[],"value":"Guide 3: ","nodeType":"text"},{"data":{"uri":"https://resources.github.com/learn/pathways/security/essentials/reviewing-github-advanced-security-scan-results"},"content":[{"data":{},"marks":[],"value":"Reviewing GitHub Advanced Security scan results","nodeType":"text"}],"nodeType":"hyperlink"},{"data":{},"marks":[],"value":"","nodeType":"text"}],"nodeType":"heading-3"},{"data":{},"content":[{"data":{},"marks":[],"value":"How to view results from code scanning, secret scanning, and Dependabot, how to dismiss false positives in secret scanning, and how to automatically remediate vulnerabilities with Dependabot.","nodeType":"text"}],"nodeType":"paragraph"},{"data":{},"content":[{"data":{},"marks":[],"value":"\n\n\n","nodeType":"text"}],"nodeType":"paragraph"},{"data":{},"content":[{"data":{},"marks":[],"value":"Industry expert insights from:","nodeType":"text"}],"nodeType":"heading-2"},{"data":{},"content":[{"data":{},"marks":[],"value":"\n\n","nodeType":"text"},{"data":{},"marks":[{"type":"bold"}],"value":"TELUS: ","nodeType":"text"},{"data":{},"marks":[],"value":"TELUS is a leading communications and information technology provider in Canada, responsible for powering essential services for over 35 million people across the country. With a diverse team of 78,000, including nearly 5,000 developers, analysts, and technicians, TELUS faces the monumental task of unifying various tools and technologies. 
By adopting GitHub, they centralized their software development, streamlined testing through GitHub Actions, and enhanced security protocols. This has resulted in significant time savings and elevated code quality across their workforce of nearly 5,000 tech professionals.","nodeType":"text"}],"nodeType":"paragraph"},{"data":{},"content":[{"data":{},"marks":[],"value":"Begin Guide 1: ","nodeType":"text"},{"data":{"uri":"https://resources.github.com/learn/pathways/security/essentials/application-security-testing-github-advanced-security/"},"content":[{"data":{},"marks":[],"value":"Understanding GitHub Advanced Security","nodeType":"text"}],"nodeType":"hyperlink"},{"data":{},"marks":[],"value":"","nodeType":"text"}],"nodeType":"heading-3"},{"data":{},"content":[{"data":{},"marks":[],"value":"","nodeType":"text"}],"nodeType":"paragraph"}],"nodeType":"document"}}},"seo":{"metadata":{"tags":[],"concepts":[]},"sys":{"space":{"sys":{"type":"Link","linkType":"Space","id":"wfutmusr1t3h"}},"id":"EG0Q8d4s7gyLFZYRj72GL","type":"Entry","createdAt":"2023-09-22T22:35:08.773Z","updatedAt":"2024-10-03T12:26:55.483Z","environment":{"sys":{"id":"master","type":"Link","linkType":"Environment"}},"publishedVersion":65,"revision":28,"contentType":{"sys":{"type":"Link","linkType":"ContentType","id":"seo"}}},"fields":{"metaTitle":"GitHub Advanced Security essential guides and tutorials","metaDescription":"Learn the basics and start automating your application security testing and remediation with GitHub Advanced Security in just a few clicks.","metaImage":{"metadata":{"tags":[],"concepts":[]},"sys":{"space":{"sys":{"type":"Link","linkType":"Space","id":"wfutmusr1t3h"}},"id":"2c5pvD8RaUBtqrcEULhGV9","type":"Asset","createdAt":"2023-09-26T13:19:26.143Z","updatedAt":"2023-10-12T19:48:14.583Z","environment":{"sys":{"id":"master","type":"Link","linkType":"Environment"}},"publishedVersion":18,"revision":4},"fields":{"title":"SEO image","description":"GitHub logo Learning Pathways with swirling 
multicolored shapes","file":{"url":"//images.ctfassets.net/wfutmusr1t3h/2c5pvD8RaUBtqrcEULhGV9/05d3a8abb0117edb962d6a5b0507b275/PrimaryLP_1200x630px_2x.png","details":{"size":2310407,"image":{"width":2400,"height":1261}},"fileName":"PrimaryLP_1200x630px@2x.png","contentType":"image/png"}}}}}}},"path":"/learn/pathways/security/essentials/essentials-github-advanced-security","indexData":null,"type":"guidePage","featureFlags":{"featureEnabledNewFormsService":false,"featureEnabledNewAppNavigation":true,"featureEnableSearch":false},"config":{"formsEndpoint":"https://marketing-forms-api.github.com/"}},"__N_SSP":true},"page":"/[...path]","query":{"path":["learn","pathways","security","essentials","essentials-github-advanced-security"]},"buildId":"ZokmF09g2SkORXwoG0TZr","isFallback":false,"isExperimentalCompile":false,"gssp":true,"locale":"en-US","locales":["en-US","ja","pt-BR","es-419","ko-KR"],"defaultLocale":"en-US","scriptLoader":[]}</script><div id="ghcc" style="position:sticky;bottom:0;z-index:99999"></div></body></html>
