Learn best practices for building, hosting, and maintaining a secure repository on GitHub.
In this module, you will:
- Identify the tools and GitHub features to establish a secure development strategy
- Enable vulnerable dependency detection for private repositories
- Detect and fix outdated dependencies with security vulnerabilities
- Automate the detection of vulnerable dependencies with Dependabot
- Add a security policy with a `SECURITY.md` file
- Remove a commit exposing sensitive data in a pull request
- Keep sensitive files out of your repository by using a `.gitignore` file
- Remove historical commits exposing sensitive data deep in your repository
- A GitHub account
- The ability to navigate and edit files in GitHub
- GitHub security features.
- Adding a security policy to your repository.
- About repository security advisories.
- Ignoring files.
- gitignore repository.
- Removing sensitive data from a repository.
- Branch protection rule.
- CODEOWNERS.
- About the dependency graph.
- Automated dependency alerts.
- GitHub Security Advisories.
- Configuring Dependabot security updates.
- Code scanning and CodeQL.
- Secret scanning for public and private repositories.