Once you switch on GitHub Advanced Security's (GHAS) key features, they'll always be running in the background to keep your code safe. But you can do more with GHAS than run the scans GitHub provides out of the box. In this module, we'll dive into the more advanced capabilities of GHAS.
A GitHub Advanced Security license
CodeQL, dependency graph, Dependabot alerts, secret scanning, and push protection should all be enabled
Repository admin or organization Security Manager permissions
Basic knowledge of GitHub, such as forking repositories and committing changes
Some familiarity with GitHub Actions is recommended
In this module, we will be using an example application called Web Goat to explore the features of GHAS. Web Goat is an open source, deliberately insecure application widely used for security testing and benchmarking. If you completed one of the previous security pathways (foundational or intermediate), you can keep using the same repository.
Advanced module overview
Why and how to centrally manage your CodeQL configuration, how to enable access to your central CodeQL configuration file, and how to point individual repositories to it.
How to use GitHub Actions to create and upload a dependency snapshot,how to view the results with dependency graph, and how to automatically export a software bill of materials (SBOM) with GitHub Actions.