Learn what you need to know to pass the GitHub Advanced Security Certification.
Highlight your code security knowledge with the GitHub Advanced Security certification. Validate your expertise in vulnerability identification, workflow security, and robust security implementation—elevating software integrity standards.
⭐️ Course Contents ⭐️
GitHub Advanced Security Overview
00:00:00 Introduction
00:09:24 Git Overview
00:10:22 GitHub Overview
00:11:26 Git Terms
00:14:53 GitHub Repo Overview
00:15:46 Git Commit Overview
00:16:40 Git Branch Overview
00:17:52 Git Remote to Downstream or Upstream
00:18:28 Advanced Security Overview
00:19:08 GHAS Enabled Plans
00:21:02 GitHub Security
00:22:56 GHAS Use Cases
00:23:58 GHAS Components
00:25:03 Taking action on Alerts
00:26:38 How to enable GHAS
00:27:53 How to enable GHAS Automatically
00:29:14 Which GHAS do you have
00:30:13 GHAS Introduction Follow Along
Security Overview
00:41:27 What is a Security Vulnerability
00:42:41 Types of Security Vulnerabilities
00:43:54 0 Day Vulnerabilities
00:44:23 Most Common Vulnerabilities
00:44:51 Finding Vulnerabilities in GitHub
00:45:51 GitHub Advisory Database
Secret Scanning
00:46:56 Secret Scanning Overview
00:47:31 Secret Scanning Locations
00:47:58 Enabling Secret Scanning
00:48:09 Secret Scanning Partner Program
00:48:47 Partner Program Use Case
00:49:41 Starting a Scan
00:50:11 Scan Running Times
00:51:08 Secret Scanning Follow Along
00:53:45 Set Ignore Follow Along
00:57:05 Set Notifications Follow Along
Dependency Management
01:01:17 Open Source Popularity
01:01:42 Open Source Maintenance Problems
01:02:19 Dependency Graph for Open Source
01:02:36 Dependency Graph Examples
01:02:59 Dependabot Overview
01:03:19 Dependabot Use Case Example
01:04:27 Dependabot Features
01:05:10 Enabling Dependabot
01:05:40 Dependabot Licensing for Private Repos
01:05:58 Dependabot Private Repository Workflow
01:06:23 Triaging Dependabot Vulnerabilities
01:07:32 Dependabot Limitations
01:08:39 Dependabot Follow Along
Code Scanning
01:20:07 Code Scanning Overview
01:20:31 Supported Repositories
01:21:02 How Code Scanning Works
01:21:25 Starting a Scan
01:22:44 Code Scanning Setup Options
01:24:16 Where to Implement Scanning
01:25:17 Code Scanning Actions
01:25:35 Scanning Trigger Types
01:26:40 Code Scanning Follow Along
CodeQL
01:38:33 Enabling Code Scanning
01:39:00 Third Party SARIF Files Overview
01:39:39 Uploading Third Party SARIF Files
01:40:09 Third Party SARIF File Example
01:40:42 Default Code Scanning
01:41:36 Custom Code Scanning
01:41:58 Code Language Detection Scanning
01:42:34 CodeQL Database Analysis
01:43:15 CodeQL Query Analysis
01:44:10 Types of CodeQL Queries
01:44:52 CodeQL Queries DeepDive
01:45:42 Code Query Anatomy
01:47:29 Code Query Suite
01:47:52 Types of Code Query Suites
01:48:28 Code Query Findings
01:49:04 CodeQL Packs
01:50:08 Code Scanning Workflow
01:50:50 CodeQL Partner Integrations
01:51:25 Workflow Priority Order
01:51:55 Alerts Workflow
01:53:08 Alerts Security Incident Example
01:54:12 CodeQL Follow Along
GHAS Best Practices
02:17:40 Software Development Lifecycle SDLC
02:18:30 SDLC Restricting Access
02:19:11 SDLC Security Overview
02:19:54 SDLC Security Policies
02:20:28 SDLC Secret Scanning
02:21:10 SDLC Security Workflow
02:22:02 Types of Vulnerabilities
02:23:16 GitHub Advisory Database
02:24:03 Developer Roles and Responsibilities
02:25:09 Security Roles and Responsibilities
02:25:37 Admin Roles and Responsibilities
02:26:13 Additional Roles and Responsibilities
02:27:11 Notifying Responsible Parties
02:28:13 Triage Workflow based on Risk Ratings
GHAS for Enterprise
02:29:34 Should I purchase a GHAS License
02:30:08 Enabling GHAS in GitHub
02:30:49 Levels of Enablement
02:31:42 Levels of Access to Alerts
02:33:16 Required Level of Access
02:33:52 Security Overview
02:34:27 GHAS Logging
02:35:08 API Endpoints for Security
Description and video by freeCodeCamp.org. This page is an independent companion view; the video is embedded from YouTube.