36 captures

11 Nov 2019 - 24 Sep 2022

Oct	NOV	Dec
	27
2019	2020	2021

success

fail

About this capture

COLLECTED BY

Collection: Common Crawl

Web crawl data from Common Crawl.

TIMESTAMPS

The Wayback Machine - http://web.archive.org/web/20201127123856/https://lab.github.com/githubtraining/security-strategy-essentials

Learning Lab For Organizations Teach on Learning Lab Sign in

Security strategy essentials

The GitHub Training Team Learn security best practices and keep your project’s contributions—and contributors—safe. Start free course Join 1055 others! social preview

This course will show you how to build, host, and maintain a secure repository on GitHub. By following simple security best practices, you can rest easy knowing your project is secure for contributors and contributions today and in the future. Collaboration is key to building great software. As you welcome more contributions, keeping your project secure becomes more important than ever.

What you'll learn

This course will answer common questions like: ●How can I prevent sensitive data from being pushed to my repository? ●How do I remove traces of the sensitive data if it is indeed published? ●How do I use GitHub's vulnerability alerts? ●How do I automatically fix vulnerable dependencies? ●What's a security policy and how do I implement one? ●What's .gitignore and how do I use it? ●How can I trace sensitive data to its introduction? In this course, you’ll learn how to: ●Enable vulnerable dependency detection for private repositories ●Detect and fix outdated dependencies ●Automate the detection and fix of vulnerable dependencies with Dependabot ●Add a security policy with the a SECURITY.md file ●Remove a commit exposing sensitive data in a pull request ●Keep sensitive files out of your repository by leveraging the use of a .gitignore file ●Remove historical commits exposing sensitive data deep in your repository

What you'll build

●Completed source repository ●Deployed game

Prerequisites

This course is a great introduction. If you're unfamiliar with working in Pull Requests, consider taking the following course. ●Introduction to GitHub

Projects used

This course makes use of the following open source projects. Consider exploring these repos and maybe even making contributions! ●Octocat Memory Game on CodePen

Audience

Developers, new GitHub users, teams, security professionals, open source maintainers

Steps to complete this course 13

Enable repository settings

Enable settings in your repository for the next activities.

Find the vulnerable dependency

Find the vulnerable dependency, and comment with the suggested update version.

Update the dependency version

Edit the file in the pull request to update the dependency.

Merge your pull request

Merge the pull request you've opened to update the vulnerability dependency.

Enable Dependabot

Install Dependabot on your repository.

Add a SECURITY.md file

Add a SECURITY.md file to your repository.

Merge the SECURITY.md pull request

Merge the pull request.

Remove sensitive data in a pull request

Remove sensitive data pushed to a pull request

Approve the pull request

Approve the contributors pull request

Add a `.gitignore` file

The .gitignore file is ready to be edited in an open pull request. Add the .env file to the .gitignore file.

Merge the pull request

Merge the second pull request with updates to the .gitignore file.

Find historical reference to a previous .env file

Find historical reference to a previously committed .env file

Remove historical reference to a previous .env file

Remove historical reference to a previously committed .env file

Share Security strategy essentials

Average time to complete

53 minutes

Free

All public courses on Learning Lab are free.

Get help

Post on the GitHub Community Forum

Latest release

July 31, 2020

Learning Paths that include this course

Prepare to use GitHub

byThe GitHub Training Team Prepare to use GitHub with this learning path.

What is GitHub Learning Lab?

Learn new skills by completing fun, realistic projects in your very own GitHub repository.