Skip to content

githubuniverseworkshops/juice-shop-ghas-workshop

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

44 Commits
.devcontainer
.devcontainer
 
 
_labs
_labs
 
 
config
config
 
 
data
data
 
 
encryptionkeys
encryptionkeys
 
 
frontend
frontend
 
 
ftp
ftp
 
 
i18n
i18n
 
 
lib
lib
 
 
models
models
 
 
monitoring
monitoring
 
 
routes
routes
 
 
rsn
rsn
 
 
screenshots
screenshots
 
 
test
test
 
 
uploads/complaints
uploads/complaints
 
 
vagrant
vagrant
 
 
views
views
 
 
.dockerignore
.dockerignore
 
 
.eslintrc.js
.eslintrc.js
 
 
.gitignore
.gitignore
 
 
.npmrc
.npmrc
 
 
Dockerfile
Dockerfile
 
 
Gruntfile.js
Gruntfile.js
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
app.json
app.json
 
 
app.ts
app.ts
 
 
cypress.config.ts
cypress.config.ts
 
 
docker-compose.test.yml
docker-compose.test.yml
 
 
package.json
package.json
 
 
secrets.txt
secrets.txt
 
 
server.ts
server.ts
 
 
slides.pdf
slides.pdf
 
 
swagger.yml
swagger.yml
 
 
threat-model.json
threat-model.json
 
 
tsconfig.json
tsconfig.json
 
 

Repository files navigation

Securing your code with GitHub Advanced Security

Securing your code with GitHub Advanced Security
@joshjohanning @mickeygousset

Workshop Labs Resources

  • Who is this for: Enterprise - Engineering Leadership, Enterprise - Developers, Open Source Developers or Maintainers, Security Professionals, Startups, Security Leadership, Educators
  • What you'll learn: Here at GitHub, we like to say that "found means fixed." That's because when issues are found they can more easily be fixed. In this workshop you'll dive into a repository filled with security alerts and begin to remediate them using GitHub Advanced Security (GHAS) and Dependabot, effectively maintaining code integrity. You'll also encounter and resolve a few security issues using GitHub Codespaces and GitHub Copilot. The end goal? To learn and develop strategies to motivate your developers to turn reactive fixes into proactive security habits.

Workshop Labs

Lab 1 - GitHub Advanced Security Feature Introduction

This lab will introduce you to GitHub Advanced Security (GHAS) and its features.

  • Get started here - Lab 1

Lab 2 - Reviewing and Managing Security Alerts

This lab will show you how to review and managed the alerts created in Lab 1.

  • Get started here - Lab 2

Lab 3 - Hands-on with Code Scanning

This lab will have you add some bad code, utilize repository rulesets to block the code, and Copilot Autofix to fix the code.

  • Get started here - Lab 3

Lab 4 - Hands-on with Dependency Review

This lab will have you utilize the Dependency Review action to stop a bad vulnerability in a pull request.

  • Get started here - Lab 4

Lab 5 - Hands-on with Secret Scanning

This lab will have you utilize Secret Scanning with Push Protection to prevent secrets from entering the codebase.

  • Get started here - Lab 5

Lab 6 - Hands-on with Security Overview

This lab will teach you how to effectively use the Security Overview to review and alerts and coverage in an organization.

  • Get started here - Lab 6

Extra Credit: Advanced CodeQL Setup

This open-ended extra credit lab will have you switch to the advanced CodeQL setup.

Extra Credit: Custom Patterns for Secret Scanning

This open-ended extra credit lab will have you create a custom secret scanning pattern.

📖 Resources

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

6 stars

Watchers

1 watching

Forks

6 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages