https://github.com/advanced-security/advanced-security-material
https://github.com/advanced-security/advanced-security-material
advanced-security advanced-security-training code-scanning codeql security
Last synced: 10 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/advanced-security/advanced-security-material
- Owner: advanced-security
- Created: 2021-10-14T18:49:21.000Z (over 4 years ago)
- Default Branch: main
- Last Pushed: 2025-01-28T22:17:09.000Z (12 months ago)
- Last Synced: 2025-03-31T17:17:49.455Z (10 months ago)
- Topics: advanced-security, advanced-security-training, code-scanning, codeql, security
- Language: Shell
- Homepage:
- Size: 232 KB
- Stars: 70
- Watchers: 5
- Forks: 25
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Advanced Security Material
A place for resources to help you understand and use GitHub Advanced Security (GHAS). Browse the directories in this repository for resources and documentation. To help you get started with GHAS, we've provided some introductory documentation in this file.
## Get started with GitHub Advanced Security
The following list of links are great resources to get you started on learning how to use, deploy, and manage GitHub Advanced Security in your environment.
New to GitHub Advanced Security? Start with [GitHub security features](https://docs.github.com/en/enterprise-cloud@latest/code-security/getting-started/github-security-features) :+1:
### Code Scanning
- [About GitHub Code Scanning](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning)
- [Configuring Code Scanning](https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning)
- [Integrating other tools with GHAS](https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning)
### CodeQL
- [Meet CodeQL](https://codeql.github.com/)
- [CodeQL Documentation](https://codeql.github.com/docs/)
- [CWE Query Mapping Documentation](https://codeql.github.com/codeql-query-help/codeql-cwe-coverage)
- [Running additional queries](https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#running-additional-queries)
- [CodeQL CLI Docs](https://codeql.github.com/docs/codeql-cli/getting-started-with-the-codeql-cli)
- [Running CodeQL in your CI System](https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/running-codeql-code-scanning-in-your-ci-system)
### Secret Scanning
- [About Secret Scanning](https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning)
- [Supported secret patterns](https://docs.github.com/en/code-security/secret-scanning/secret-scanning-patterns#supported-secrets-for-partner-patterns)
- [Defining custom secret patterns](https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)
### Supply Chain Security (Dependabot)
- [About](https://docs.github.com/en/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security)
- [Dependency Graph](https://docs.github.com/en/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)
- [Dependabot Alerts](https://docs.github.com/en/enterprise-cloud@latest/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)
- [Dependabot Security Updates](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates)
- [GitHub Advisory Database](https://github.com/advisories)
- [Dependabot Quickstart Guide](https://docs.github.com/en/code-security/getting-started/dependabot-quickstart-guide)
### Security Overview
- [About Security Overview](https://docs.github.com/en/code-security/security-overview/about-the-security-overview)
- [Managing alerts in your repository](https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository)
### Other Resources
- [SARIF Tutorials](https://github.com/microsoft/sarif-tutorials)
- [GitHub Advanced Security Learning Path](https://docs.microsoft.com/en-us/users/githubtraining/collections/rqymc6yw8q5rey)
- [Adopting and scaling GitHub Advanced Security in your company](https://assets.ctfassets.net/wfutmusr1t3h/7rbooz6hi5leHDyvjD3FCy/4cb66560d58afad3f58197f7d4f37f23/Whitepaper-Scaling-GHAS-in-an-Enterprise.pdf)
- [The Complete Guide to Developer-first Security](https://resources.github.com/developer-first-application-security/)
- [GitHub Checkout - Code Scanning (video)](https://www.youtube.com/watch?v=z0wvGf3O69E)
- [GitHub Checkout - Secret Scanning (video)](https://www.youtube.com/watch?v=aoL7pDrXt74)
- [GitHub Checkout - Viewing and Managing your Dependencies (video)](https://www.youtube.com/watch?v=gNd_TGdZ1xc)
- [GitHub Well-architected - Application security](https://wellarchitected.github.com/library/application-security/)