
Essentials of GitHub Advanced Security wrap-up

Nick Liffen // Director, GitHub Advanced Security // GitHub

You should now be ready to enable GitHub Advanced Security in your repositories. For many of you, there are no further steps required. GitHub Advanced Security will surface existing vulnerabilities and flag potential new problems before they're merged. But some of you will want to customize some of your settings.

Up next: Intermediate security module

In the intermediate module, we'll cover the most common configuration changes our customers make, such as excluding specific files and folders from scans and creating custom build rules for code scanning’s CodeQL.

In the advanced module, we'll cover creating centrally-managed CodeQL configurations, running custom CodeQL queries, mapping transient dependencies, and generating a software bill of materials with dependency review.


