Skip to content
/ securing-your-code Public template

Securing your Code with GitHub workshop

License

View license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

github-samples/securing-your-code

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

77 Commits
.devcontainer
.devcontainer
 
 
.github
.github
 
 
_labs
_labs
 
 
config
config
 
 
data
data
 
 
encryptionkeys
encryptionkeys
 
 
frontend
frontend
 
 
ftp
ftp
 
 
i18n
i18n
 
 
lib
lib
 
 
models
models
 
 
monitoring
monitoring
 
 
routes
routes
 
 
rsn
rsn
 
 
screenshots
screenshots
 
 
test
test
 
 
uploads/complaints
uploads/complaints
 
 
vagrant
vagrant
 
 
views
views
 
 
.dockerignore
.dockerignore
 
 
.eslintrc.js
.eslintrc.js
 
 
.gitignore
.gitignore
 
 
.npmrc
.npmrc
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
Dockerfile
Dockerfile
 
 
Gruntfile.js
Gruntfile.js
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
SUPPORT.md
SUPPORT.md
 
 
app.json
app.json
 
 
app.ts
app.ts
 
 
cypress.config.ts
cypress.config.ts
 
 
docker-compose.test.yml
docker-compose.test.yml
 
 
package.json
package.json
 
 
secrets.txt
secrets.txt
 
 
server.ts
server.ts
 
 
swagger.yml
swagger.yml
 
 
threat-model.json
threat-model.json
 
 
tsconfig.json
tsconfig.json
 
 

Repository files navigation

Securing your code with GitHub

@joshjohanning @mickeygousset @writingpanda @felickz @tspascoal

Workshop Labs Resources

  • Who is this for: Enterprise - Engineering Leadership, Enterprise - Developers, Open Source Developers or Maintainers, Security Professionals, Startups, Security Leadership, Educators
  • What you'll learn: Here at GitHub, we like to say that "found means fixed." That's because when issues are found they can more easily be fixed. In this workshop you'll dive into a repository filled with security alerts and begin to remediate them using GitHub Advanced Security (GHAS) and Dependabot, effectively maintaining code integrity. You'll also encounter and resolve a few security issues using Copilot Autofix. The end goal? To learn and develop strategies to motivate your developers to turn reactive fixes into proactive security habits.

See requirements to see what is needed to run this lab.

Workshop Labs

Lab 1 - GitHub Advanced Security Feature Introduction

This lab will introduce you to GitHub Advanced Security (GHAS) and its features.

  • Get started here - Lab 1

Lab 2 - Reviewing and Managing Security Alerts

This lab will show you how to review and managed the alerts created in Lab 1.

  • Get started here - Lab 2

Lab 3 - Hands-on with Code Scanning

This lab will have you add some bad code, utilize repository rulesets to block the code, and Copilot Autofix to fix the code.

  • Get started here - Lab 3

Lab 4 - Hands-on with Dependency Review

This lab will have you utilize the Dependency Review action to stop a bad vulnerability in a pull request.

  • Get started here - Lab 4

Lab 5 - Hands-on with Secret Scanning

This lab will have you utilize Secret Scanning with Push Protection to prevent secrets from entering the codebase.

  • Get started here - Lab 5

Lab 6 - Hands-on with Security Overview

This lab will teach you how to effectively use the Security Overview to review and alerts and coverage in an organization.

  • Get started here - Lab 6

Extra Credit: Advanced CodeQL Setup

This open-ended extra credit lab will have you switch to the advanced CodeQL setup.

Extra Credit: Custom Patterns for Secret Scanning

This open-ended extra credit lab will have you create a custom secret scanning pattern.

📖 Resources

License

Securing your code with GitHub

This project is licensed under the terms of the MIT open source license. Please refer to MIT for the full terms.

OWASP Juice Shop

This lab uses and includes sample code from the OWASP Juice Shop project. The Juice Shop is Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors. Please refer to the LICENSE for the full terms.

About

Securing your Code with GitHub workshop

Topics

dependency-graph dependabot secrets-detection code-security ghas

Resources

Readme

License

View license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Contributors 7

Languages