
Commit 2ce3b08

Update workshop materials for GitHub Advanced Security
- Make the lab more generic and not tied to an event
- Update instructions to reflect UI changes
- Update screenshots
1 parent 15f3c27 commit 2ce3b08

19 files changed, +113 -67 lines

README.md (+7 -4)
@@ -1,11 +1,11 @@
11

2-
<h1 align="center">LAB410: Found means fixed: Diminish security debt with GitHub Advanced Security</h1>
3-
4-
![LAB410: Found means fixed: Diminish security debt with GitHub Advanced Security](./_labs/images/logo.png)
2+
<h1 align="center">Securing your code with GitHub</h1>
53

64
<h5 align="center"><a href="https://github.com/joshjohanning">@joshjohanning</a> <a href="https://github.com/mickeygousset">@mickeygousset</a>
75
<a href="https://github.com/writingpanda">@writingpanda</a>
8-
<a href="https://github.com/felickz">@felickz</a></h3>
6+
<a href="https://github.com/felickz">@felickz</a>
7+
<a href="https://github.com/tspascoal">@tspascoal</a>
8+
</h5>
99

1010
<p align="center">
1111
<a href="#workshop-labs">Workshop Labs</a>
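Review bot: the heading markup is now well-formed (line 8 closes the `<h5 align="center">` opened on line 6 with `</h5>` instead of the stray `</h3>` the old version had), but the removed logo line (old line 4, `![LAB410: ...](./_labs/images/logo.png)`) was a reference to `_labs/images/logo.png`, which this commit also changes (-58.5 KB, no rendered replacement); grep the lab pages for any remaining link to that path before merging so nothing renders a broken image.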
@@ -15,6 +15,9 @@
1515
- **Who is this for**: Enterprise - Engineering Leadership, Enterprise - Developers, Open Source Developers or Maintainers, Security Professionals, Startups, Security Leadership, Educators
1616
- **What you'll learn**: Here at GitHub, we like to say that "found means fixed." That's because when issues are found they can more easily be fixed. In this workshop you'll dive into a repository filled with security alerts and begin to remediate them using GitHub Advanced Security (GHAS) and Dependabot, effectively maintaining code integrity. You'll also encounter and resolve a few security issues using Copilot Autofix. The end goal? To learn and develop strategies to motivate your developers to turn reactive fixes into proactive security habits.
1717

18+
19+
See [requirements](_labs/requirements.md) to see what is needed to run this lab.
20+
1821
---
1922

2023
## Workshop Labs
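Review bot: lines 18 and 19 add two consecutive blank lines before the requirements sentence, which Markdown collapses anyway; one is enough. The sentence on line 20 also repeats "see" ("See [requirements](_labs/requirements.md) to see what is needed"); suggest "See [requirements](_labs/requirements.md) for what is needed to run this lab."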

Changed image files (binary, not rendered here):

- _labs/images/lab-1-1-1.png (-53.6 KB)
- _labs/images/lab-1-3-1.png (-7.37 KB)
- _labs/images/lab-2-1-1.png (439 Bytes)
- _labs/images/lab-2-1-3.png (-56 KB)
- _labs/images/lab-2-1-5.png (-190 KB)
- _labs/images/lab-2-3-1.png (-52.1 KB)
- _labs/images/lab-3-1-3.png (-32.4 KB)
- _labs/images/lab-3-2-2.png (-143 KB)
- _labs/images/logo.png (-58.5 KB, binary file not shown)

_labs/lab1.md (+31 -25)
@@ -2,6 +2,9 @@
22

33
Welcome! In this lab, you will be introduced to GitHub Advanced Security (GHAS) and its features. You will use the Juice Shop sample repository to enable the GHAS features, manage alerts, and learn how GitHub Advanced Security can keep vulnerabilities out of your code in the first place.
44

5+
> [!NOTE]
6+
> Please note that the screenshots provided are intended to serve as general examples. While we strive to keep all information current, some screenshots may not reflect the most recent updates, as security data is continually evolving and expanding. As a result, the content and figures you observe may differ slightly from what is shown here.
7+
58
<!--
69
> [!TIP]
710
> We recommend opening up two browser windows, one with the lab and one with the working copy of your repo!
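Review bot: the justification in the new NOTE (line 6) is off: screenshots drift because the GitHub UI changes (which is exactly what the commit message says this update is for), not because "security data is continually evolving and expanding". Suggest: "> Screenshots are general examples; the GitHub UI changes frequently, so labels and layout may differ slightly from what you see." The commented-out TIP block (lines 8-10) is still carried along unchanged; either restore it or drop it.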
@@ -11,11 +14,11 @@ Welcome! In this lab, you will be introduced to GitHub Advanced Security (GHAS)
1114

1215
In this exercise, you will create a repository with code from which you can work to test the GHAS capabilities.
1316

14-
1. Navigate to +++https://github.com/Ignite-GHAS-Workshop/ghas-workshop-repo+++ in your browser.
17+
1. Navigate to `https://github.com/github-samples/securing-your-code` in your browser.
1518
2. Click the green **Use this template** button in the upper right corner of the page.
16-
3. Create a new repository in our organization by choosing Owner as **Ignite24-Labs** in the dropdown.
19+
3. Create a new repository in our organization by choosing Owner in the dropdown (either personal or organization).
1720
4. Give the repository a unique name **my-ghas-workshop-repo-<my-unique-repo-name-here>**. Click the green link below for inspiration on a unique repo name 😉.
18-
5. Make sure you switch it to visibility **Private** so your work does not conflict with other attendees! Now click **Create repository**.
21+
5. Make sure you switch it to visibility to **Public** if using a personal account if using an organization check the notes in [requirements](./requirements.md) for visibility. Now click **Create repository**.
1922
6. The page will refresh after a few seconds where you can now see the code we will be working with.
2023

2124
## Enabling the security settings
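Review bot: step 3 (line 17) still says "Create a new repository in our organization" while the parenthetical now allows a personal owner, and step 5 (line 21) is a run-on that fuses the two cases: "switch it to visibility to **Public** if using a personal account if using an organization check the notes". Suggest splitting it: "5. If you are using a personal account, set the visibility to **Public** (the NOTE later in this lab explains that the Code security features only appear on a personal repo when it is Public). If you are using an organization, see [requirements](./requirements.md) for which visibility to use. Then click **Create repository**." Dropping the old "Private so your work does not conflict with other attendees" rationale is consistent with the lab no longer being event-bound, but it is worth one sentence telling readers that a Public repo is world-readable.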
@@ -29,74 +32,77 @@ Although Dependabot isn't part of the GitHub Advanced Security product suite, it
2932
Dependabot and Dependency Graph should already be turned on for your repository. If not, follow the steps below.
3033

3134
1. We first want to turn on the security settings for the repository. Navigate to the **Settings** tab (the icon of the gear) in the repo.
32-
2. Click on the **Code security** section.
33-
3. Ensure the Dependency Graph is enabled. This will be indicated by a red **Disable** button. If there is a black **Enable** button, click it to enable the **Dependency Graph** setting. To enable Dependabot, we first have to enable the Dependency Graph. This allows Dependabot to ingest your package manifest files.
35+
2. Click on the **Advanced Security** section.
36+
3. Ensure the Dependency Graph is enabled (scroll down to **Code Security** group). This will be indicated by a red **Disable** button. If there is a black **Enable** button, click it to enable the **Dependency Graph** setting. To enable Dependabot, we first have to enable the Dependency Graph. This allows Dependabot to ingest your package manifest files.
37+
- Note: If using a public repository you cannot disable dependency graph.
3438
4. Ensure the Dependabot alerts are enabled. This will be indicated by a red **Disable** button. If there is a black **Enable** button, click it to enable the **Dependabot alerts** setting. This feature will create alerts for vulnerable dependencies found in your repository.
3539
5. Click the **Enable** button next to the **Dependabot security updates** setting.
3640
- This will automatically create pull requests to update your vulnerable dependencies (if there is a non-vulnerable version to upgrade to).
3741
- Note: there is a [maximum number of pull requests that this feature will create (10)](https://docs.github.com/en/enterprise-cloud@latest/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors#dependabot-cannot-open-any-more-pull-requests).
3842

3943
<details>
40-
![image](./images/lab-1-1-1.png)
4144

42-
![image](images/lab-1-1-1.png)
45+
![image](./images/lab-1-1-1.png)
4346
</details>
4447

45-
Once you are done turning on Dependabot features, the next thing we will need to do is turn on GitHub Advanced Security.
48+
Once you are done turning on Dependabot features, the next thing we will need to do is turn on GitHub Advanced Security features.
4649

47-
### Exercise 2: Enable Advanced Security and Code Scanning
50+
### Exercise 2: Enable Code Security
4851

49-
1. Next, let's enable **Code Scanning with CodeQL**. These settings are also under the **Code security** settings page.
50-
2. Ensure GitHub Advanced Security is enabled. This will be indicated by a red **Disable** button. If there is a black **Enable** button, click it to enable **GitHub Advanced Security**. A prompt will confirm that you want to **Enable GitHub Advanced Security for this repository** - click the button.
51-
- The prompt tells you how many GitHub Advanced Security licenses you would consume by enabling this feature - which is useful if you are an organization owner and want to ensure you have enough licenses for your organization.
52-
3. Underneath the **GitHub Advanced Security | Code scanning** heading, click the **Set up** button in the **CodeQL analysis** row.
52+
1. Next, let's enable **Code Scanning with CodeQL**. These settings are also under the **Advanced Security** settings page.
53+
2. Ensure **Code Security** is enabled. This will be indicated by a red **Disable** button. If there is a black **Enable** button, click it to enable **Code Security**.
54+
3. Underneath the **Code Security | Tools** heading, click the **Set up** button in the **CodeQL analysis** row.
5355

5456
> [!NOTE]
55-
> If you do not see the **Code scanning** heading on the **Code security** page after enabling **GitHub Advanced Security** - you have likely not created your repo in the proper Organization. Go back to the beginning of this lab and ensure you choose **Ignite24-Labs** value from the dropdown as the new repository **Owner** when you choose **Use this template**.
57+
> If you do not see the **Code security** heading you have likely not created your repo with Public visibility if using a personal account or in a Organization which has GitHub Advanced Security licenses. Go back to the beginning of this lab and ensure you choose the right owner or repository visibility.
5658
5759
4. There are two options: **Default** and **Advanced**. Select the **Default** option and review the settings.
58-
- For this lab, we will use the **Default** setup, which creates a managed Actions workflow (i.e. you will not see a codeql.yaml file committed to the repo). You can use the Advanced option to manage your code scanning workflow as a GitHub Actions workflow YAML file committed to the repo. The **Default** option is a great option to get started quickly to enable code scanning in a repository without needing to commit any additional code.
60+
- For this lab, we will use the **Default** setup, which creates a managed Actions workflow (i.e. you will not see a codeql.yaml file committed to the repo). The Advanced option can be used to manage your code scanning workflow as a GitHub Actions workflow YAML file committed to the repo. The **Default** option is a great option to get started quickly to enable code scanning in a repository without needing to commit any additional code.
5961
- By default, it will scan the JavaScript code, use the default CodeQL queries (for highest precision), and scan the default branch on push, pull request, and on a weekly schedule.
6062

6163
<details>
64+
6265
![image](images/lab-1-2-1.png)
6366
</details>
6467

6568
5. Click the **Enable CodeQL** button to save the settings and enable Code Scanning.
6669

6770
<details>
71+
6872
![image](images/lab-1-2-2.png)
6973
</details>
7074

71-
6. Ensure that **Copilot Autofix** slider is enabled as **On |** (in the **Code Scanning --> Tools** section).
75+
6. Ensure that **Copilot Autofix** slider is enabled as **On |** (in the **Code Security --> Tools** section).
7276

7377
<details>
78+
7479
![image](images/lab-1-2-3.png)
7580
</details>
7681

7782
> [!NOTE]
7883
> You do not need a Copilot license in order to use the Copilot features with GitHub Advanced Security. However, Copilot can certainly be helpful in resolving issues in your IDE by using Copilot chat to explain the vulnerability and how to fix it.
7984
80-
7. Optionally, configure the **Check runs failure threshold** - by default, a pull request will be blocked if there are any high or higher security alerts.
85+
7. Optionally, configure the **Check runs failure threshold** (in **Protection Rules** section) - by default, a pull request will be blocked if there are any high or higher security alerts _once_ you configure a branch ruleset.
8186

82-
### Exercise 3: Enable Secret Scanning
87+
### Exercise 3: Enable Secret Protection
8388

84-
1. Ensure that Secret Scanning is enabled. This will be indicated by a red **Disable** button. If there is a black **Enable** button, click it to enable **Secret Scanning**.
85-
2. Check the box to **Scan for generic secrets**. This feature uses AI to find secrets/passwords that may be in your code that do not correspond to a known provider pattern.
86-
3. Click the **Enable** button next to the **Validity checks** setting. This feature checks if the secret is still valid for [specific partners](https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#high-confidence-patterns), such as Azure, AWS, and, of course, GitHub. As an example, you can use this feature to check if a GitHub personal access token found in the repo is still valid and needs to be revoked.
87-
4. Click the **Enable** button next to the **Non-provider patterns** setting. This scans for patterns that do not correspond to partners but still have a common syntax, such as a MySQL or MongoDB connection string.
88-
5. Click the **Enable** button next to the "Push protection" setting. This feature will block pushes that contain high-precision secrets. You can use this [chart](https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets) to determine which types of secrets would be blocked with secret scanning push protection enabled.
89+
1. Ensure that Secret Protection is enabled. This will be indicated by a red **Disable** button. If there is a black **Enable** button, click it to enable **Secret Scanning**.
90+
2. Click the **Enable** button next to the **Validity checks** setting. This feature checks if the secret is still valid for [specific partners](https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#high-confidence-patterns), such as Azure, AWS, and, of course, GitHub. As an example, you can use this feature to check if a GitHub personal access token found in the repo is still valid and needs to be revoked.
91+
3. Click the **Enable** button next to the **Non-provider patterns** setting. This scans for patterns that do not correspond to partners but still have a common syntax, such as a MySQL or MongoDB connection string.
92+
4. Check the box to **Scan for generic passwords**. This feature uses AI to find secrets/passwords that may be in your code that do not correspond to a known provider pattern.
93+
5. Click the **Enable** button next to the **Push protection** setting. This feature will block pushes that contain high-precision secrets. You can use this [chart](https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets) to determine which types of secrets would be blocked with secret scanning push protection enabled.
8994
6. Optionally, configure **Who can bypass push protection for secret scanning**.
9095
- By default, as to not interrupt developers' workflows, anyone with write access to the repository can manually bypass a blocked push that contains secrets (administrators will be notified of this, and it is also captured in the audit logs).
91-
- In Private and internal repositories in organizations using GitHub Enterprise Cloud with GitHub Advanced Security enabled, you can change this to only allow select users/teams (or no one) to bypass secret scanning push protection.
96+
- In Private and internal repositories in organizations using GitHub Enterprise Cloud with GitHub Advanced Security enabled, you can change this to only allow select roles/teams (or no one) to bypass secret scanning push protection.
9297
7. Note that you can define your own **Custom patterns** from this page to scan for secrets that do not correspond to a known provider pattern.
9398

9499
<details>
100+
95101
![image](images/lab-1-3-1.png)
96102
</details>
97103

98104
## Summary
99105

100106
Congrats! You have successfully enabled all of the security settings on your repository. In the next lab, we will review the alerts that have been created and how to manage them.
101107

102-
➡️ Head back to the [labs](README.md) page to continue on to the next lab.
108+
➡️ Head to the next [lab](lab2.md).
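Review bot: the settings names are inconsistent within this hunk: step 2 of Exercise 1 (line 35) sends the reader to the **Advanced Security** section, step 2 of Exercise 2 (line 53) enables **Code Security**, the NOTE at line 57 says "If you do not see the **Code security** heading", and step 1 of Exercise 3 (line 89) says "Ensure that Secret Protection is enabled" but then "click it to enable **Secret Scanning**". Readers match these strings against buttons, so pick one label per setting (matching the current UI) and use it everywhere, including the "Code Security --> Tools" reference on line 75. Two smaller points: step 7 (line 85) correctly notes that the failure threshold only blocks a pull request once a branch ruleset requires the check, so consider linking to where that ruleset is configured; and step 6 (lines 94-96) leaves in place the default that anyone with write access can bypass push protection, which deserves to be called out as a setting to tighten in real repositories rather than something to configure only "optionally".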
