Welcome to ONLC Training Centers

GH-500: GitHub Advanced Security Course

Fee:  $495

Savings options:

 Learning Credits

Train from your home or office

If you have high-speed internet and a computer you can likely take this class from your home or office.


Special Note to New Hampshire Residents
This course has not yet been approved by the New Hampshire Department of Education. Please contact us for an update on when the class will be available in New Hampshire.

Overview

This hands-on, instructor-led course, GH-500T00: GitHub Advanced Security, offers an in-depth exploration of GitHub's security features, including secret scanning, code scanning with CodeQL, and dependency management. Participants will learn to configure and utilize these tools to enhance their software development security posture. The GH-500 course also covers administrative aspects, such as setting security policies and managing sensitive data within GitHub.

Course Objectives

• Understand and configure GitHub Advanced Security features.
• Implement Dependabot for automated dependency updates.
• Set up and manage secret scanning to protect sensitive information.
• Configure code scanning using CodeQL for vulnerability detection.
• Analyze and interpret CodeQL scan results.

Who should attend GitHub Advanced Security Course

• DevOps Engineer

COURSE OUTLINE

Introduction to GitHub Advanced Security

  • Define GHAS and the importance of the integral features such as Secret scanning, Code scanning, and Dependabot
  • Know how to utilize GHAS to maximize security impact
  • Understand GHAS and its role in the security ecosystem

Configure Dependabot security updates on your GitHub repo

  • Describe the available tools for managing vulnerable dependencies on GitHub.
  • Enable and configure Dependabot alerts.
  • Identify the permissions and roles required to view and enable Dependabot alerts.
  • Enable and configure Dependabot security updates.
  • Identify, review, and address vulnerable dependencies.
  • Explain how to use GraphQL API to retrieve vulnerability information.
  • Explain how to configure notifications for vulnerable dependencies.
  • Lab: Configure Dependabot security updates

Configure and use secret scanning in your GitHub repository

  • Describe secret scanning.
  • Configure secret scanning.
  • Use secret scanning.

Configure code scanning on GitHub

  • Describe code scanning.
  • List the steps for enabling code scanning in a repository.
  • List the steps for enabling code scanning with third-party analysis.
  • Contrast how to implement CodeQL analysis in a GitHub Actions workflow versus a third-party continuous integration (CI) tool.
  • Explain how to configure code scanning on a repository using triggering events.
  • Contrast the frequency of code scanning workflows (scheduled vs triggered by events).

Identify security vulnerabilities in your codebase by using CodeQL

  • Create a database by using CodeQL to extract a single relational representation of each source file in the codebase.
  • Run CodeQL in a database to find problems in your source code and find potential security vulnerabilities.
  • Understand CodeQL scan results by using GitHub-created queries or your own custom queries.

Code scanning with GitHub CodeQL

  • Understand CodeQL and how it analyzes code.
  • Understand QL, a unique logic programming language.
  • Set up CodeQL-based code scanning in a GitHub repository.
  • Reference a custom CodeQL query.
  • Configure the language matrix in a CodeQL workflow.
  • Learn how to use the CodeQL CLI to generate code scanning results and upload them to GitHub.
  • Implement custom build steps.
  • Lab: Reference a CodeQL query
  • Lab: Configure a CodeQL language matrix

GitHub administration for GitHub Advanced Security

  • Understand what GitHub Advanced Security is and how to use it in the software development lifecycle.
  • Identify which GitHub Advanced Security features are available for open-source projects and which are available on enterprise products.
  • Enable the different features of GitHub Advanced Security on different enterprise products.
  • Determine who should get access to GitHub Advanced Security features in an organization and grant the correct permissions.
  • Set security policies at the organization and repository levels.
  • Understand how to respond to a security alert.
  • Use the Security Overview to monitor security alerts.
  • Use the GitHub Advanced Security API endpoints to manage the GitHub Advanced Security features and alerts.

Manage sensitive data and security policies within GitHub

  • Create documentation that details security guidelines and useful information for collaborators.
  • Set permissions and other rules.
  • Automate processes that prevent security breaches.
  • Respond to security breaches.

 

AGH500

Attend hands-on, instructor-led GH-500: GitHub Advanced Security training classes at ONLC's nationwide locations. Not near one of our locations? Attend these same live classes from your home/office PC via our Remote Classroom Instruction (RCI) technology.

For additional training options, check out our list of Courses and select the one that's right for you.

ONLC TRAINING CENTERS
800-288-8221
www.onlc.com