Commit ccc6b0d

Add navigation links and update references in code scanning documentation
1 parent 4e5f8ef commit ccc6b0d

1 file changed

+21
-6
lines changed

content/full-day/1-code-scanning.md

Lines changed: 21 additions & 6 deletions
@@ -1,12 +1,15 @@
11
# Securing the development pipeline
22

3+
| [← Workshop setup][walkthrough-previous] | [Next: Project management with GitHub Issues →][walkthrough-next] |
4+
|:-----------------------------------|------------------------------------------:|
5+
36
Ensuring code security is imperative in today's environment. When we think about how we create code today, there's three main areas to focus on:
47

58
- The code we write
69
- The code we use through libraries and packages
710
- The credentials needed to access services
811

9-
To help support developers and security teams, [GitHub Advanced Security](https://github.com/features/security) provides a suite of tools which cover these focus areas. Code Scanning will check the code you write, Dependabot ensures the libraries you use are secure, and Secret Scanning looks for any keys or tokens which are checked into code.
12+
To help support developers and security teams, [GitHub Advanced Security][advanced-security] provides a suite of tools which cover these focus areas. Code Scanning will check the code you write, Dependabot ensures the libraries you use are secure, and Secret Scanning looks for any keys or tokens which are checked into code.
1013

1114
Let's explore each of these, and enable them on our repository. We'll see them in action when we create a pull request with new code later in the workshop.
1215

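Review bot: The navigation row added at new lines 3-4 is a Markdown table with a header row and a delimiter row but no body rows, so it renders as a header-only table and screen readers will treat it as a data table with two column headers and no data. If the table is only there to push the two links left and right, consider a plain line of links instead, or confirm the rendered result is acceptable where the workshop is published. Separately, `[walkthrough-previous]`, `[walkthrough-next]` and `[advanced-security]` in this hunk resolve only through the definitions added at the end of the file, so a Markdown link check in CI would catch a label that is later renamed or dropped.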
@@ -16,7 +19,7 @@ Security is important in every application. By detecting potential vulnerabiliti
1619

1720
## Dependabot
1821

19-
Most projects take dependencies on open source and other external libraries. While modern development would seemingly be impossible without these resources, we always need to ensure the dependencies we take are secure. [Dependabot](https://docs.github.com/en/code-security/getting-started/dependabot-quickstart-guide) will look at the dependencies your repository has and raise alerts or even create [pull requests](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests) (PRs) to update your dependencies to a secure version.
22+
Most projects take dependencies on open source and other external libraries. While modern development would seemingly be impossible without these resources, we always need to ensure the dependencies we take are secure. [Dependabot][dependabot-quickstart] will look at the dependencies your repository has and raise alerts or even create [pull requests][about-prs] (PRs) to update your dependencies to a secure version.
2023

2124
### Configuring Dependabot
2225

@@ -80,10 +83,22 @@ A background process starts, and will configure a workflow for analyzing your co
8083

8184
## Summary and next steps
8285

83-
In this exercise, you enabled GitHub Advanced Security. You enabled Dependabot to check the libraries your project takes dependencies on, secret scanning to look for keys and tokens, and code scanning to examine your source code. These tools help ensure your application is secure. Next it's time to [file an issue](2-issues.md) to add feature requests.
86+
In this exercise, you enabled GitHub Advanced Security. You enabled Dependabot to check the libraries your project takes dependencies on, secret scanning to look for keys and tokens, and code scanning to examine your source code. These tools help ensure your application is secure. Next it's time to [file an issue][walkthrough-next] to add feature requests.
8487

8588
### Additional resources
8689

87-
- [About GitHub Advanced Security](https://docs.github.com/en/get-started/learning-about-github/about-github-advanced-security)
88-
- [GitHub Skills: Secure your repository's supply chain](https://github.com/skills/secure-repository-supply-chain)
89-
- [GitHub Skills: Secure code game](https://github.com/skills/secure-code-game)
90+
- [About GitHub Advanced Security][advanced-security-docs]
91+
- [GitHub Skills: Secure your repository's supply chain][skills-supply-chain]
92+
- [GitHub Skills: Secure code game][skills-secure-code]
93+
94+
| [← Workshop setup][walkthrough-previous] | [Next: Project management with GitHub Issues →][walkthrough-next] |
95+
|:-----------------------------------|------------------------------------------:|
96+
97+
[advanced-security]: https://github.com/features/security
98+
[advanced-security-docs]: https://docs.github.com/en/get-started/learning-about-github/about-github-advanced-security
99+
[about-prs]: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests
100+
[dependabot-quickstart]: https://docs.github.com/en/code-security/getting-started/dependabot-quickstart-guide
101+
[skills-supply-chain]: https://github.com/skills/secure-repository-supply-chain
102+
[skills-secure-code]: https://github.com/skills/secure-code-game
103+
[walkthrough-previous]: 0-setup.md
104+
[walkthrough-next]: 2-issues.md
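Review bot: The labels `[advanced-security]` and `[advanced-security-docs]` defined at new lines 97-98 differ only by a suffix but point at different hosts (github.com/features/security versus docs.github.com), which makes it easy to pick the wrong one in a later edit; a more distinct name for the product-page link, for example `advanced-security-product`, would reduce that risk. The navigation table at new lines 94-95 is a verbatim copy of the one at lines 3-4, so the two have to be kept in sync by hand. `2-issues.md` was already linked from the removed line 83, but `0-setup.md` is a new target in this commit and is not part of the diff, so confirm it exists next to `1-code-scanning.md`.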
