_labs/lab1.md
Lines changed: 15 additions & 7 deletions
@@ -7,9 +7,9 @@ Welcome! In this lab, you will be introduced to GitHub Advanced Security (GHAS)
7
7
> We recommend opening up two browser windows, one with the lab and one with the working copy of your repo!
8
8
-->
9
9
10
-
## Forking the repository
10
+
## Creating the repository
11
11
12
-
In this exercise, you will fork a repository with code from which you can work to test our the GHAS capabilities.
12
+
In this exercise, you will create a repository with code from which you can work to test the GHAS capabilities.
13
13
14
14
1. Navigate to +++https://github.com/Ignite-GHAS-Workshop/ghas-workshop-repo+++ in your browser.
15
15
2. Click the green **Use this template** button in the upper right corner of the page.
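Review bot: the rewritten intro ("create a repository ... from the template") and step 2 ("Use this template") do not tell the reader which **Owner** to pick, yet a later note in this same file says a repo created outside the **Ignite24-Labs** organization will not show the **Code scanning** heading and sends the reader back to the beginning of the lab. State the Owner requirement here, in step 2 or as a sub-bullet, so the reader does not discover it only after enabling GHAS fails: e.g. "select **Ignite24-Labs** from the **Owner** dropdown". Separately, the wording fix "test our the" -> "test the" is correct.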
@@ -44,22 +44,29 @@ Although Dependabot isn't part of the GitHub Advanced Security product suite, it
44
44
### Exercise 2: Enable Code Scanning
45
45
46
46
1. Next, let's enable **Code Scanning with CodeQL**. These settings are also under the **Code security** settings page.
47
-
2. Underneath the Code Scanning heading, click the **Set up** button in the **CodeQL analysis** row.
48
-
3. There are two options: **Default** and **Advanced**. Select the **Default** option and review the settings.
47
+
2. Click the **Enable** button next to GitHub Advanced Security.
48
+
3. A prompt will confirm that you want to **Enable GitHub Advanced Security for this repository** - click the button.
49
+
- The prompt tells you how many GitHub Advanced Security licenses you would consume by enabling this feature - which is useful if you are an organization owner and want to ensure you have enough licenses for your organization.
50
+
4. Underneath the **GitHub Advanced Security | Code scanning** heading, click the **Set up** button in the **CodeQL analysis** row.
51
+
52
+
> [!NOTE]
53
+
> If you do not see the **Code scanning** heading on the **Code security** page after enabling **GitHub Advanced Security** - you have likely not created your repo in the proper Organization. Go back to the beginning of this lab and ensure you choose **Ignite24-Labs** value from the dropdown as the new repository **Owner** when you choose **Use this template** .
54
+
55
+
5. There are two options: **Default** and **Advanced**. Select the **Default** option and review the settings.
49
56
- For this lab, we will use the **Default** setup which creates a managed Actions workflow (i.e. you will not see a file committed to the repo). You can use the Advanced option to manage your code scanning workflow as a GitHub Actions workflow YAML file committed to the repo. The **Default** option is a great option to get started quickly to enable code scanning in a repository without needing to commit any additional code.
50
57
- By default, it will scan the JavaScript code, use the default CodeQL queries (for highest precision), and scan the default branch on push, pull request, and on a weekly schedule.
51
58
52
59
<details>
53
60

54
61
</details>
55
62
56
-
4. Click the **Enable CodeQL** button to save the settings and enable Code Scanning.
63
+
6. Click the **Enable CodeQL** button to save the settings and enable Code Scanning.
57
64
58
65
<details>
59
66

60
67
</details>
61
68
62
-
5. Ensure that **Copilot Autofix** is enabled (in the **Code Scanning --> Tools** section).
69
+
7. Ensure that **Copilot Autofix** is enabled (in the **Code Scanning --> Tools** section).
63
70
64
71
<details>
65
72

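Review bot: new step 3 ("A prompt will confirm that you want to **Enable GitHub Advanced Security for this repository** - click the button.") does not say which button to click in the prompt; name it the way the other steps name their buttons (bold label) so it matches step 2's "Click the **Enable** button". The license sub-bullet is a useful addition since enabling at repository level consumes seats for the organization. The troubleshooting NOTE is placed after step 4, but the symptom it describes (no **Code scanning** heading) is only visible once the reader reaches step 4, so it is the right spot; consider also cross-referencing it from the intro where the Owner is chosen. Renumbering of the remaining steps to 5, 6 and 7 is consistent with the two inserted steps.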
@@ -68,7 +75,7 @@ Although Dependabot isn't part of the GitHub Advanced Security product suite, it
68
75
> [!NOTE]
69
76
> You don't need a Copilot license in order to use the Copilot features with GitHub Advanced Security. However, Copilot can certainly be helpful in resolving issues in your IDE by using Copilot chat to explain the vulnerability and how to fix it.
70
77
71
-
6. Optionally, configure the **Check runs failure threshold** - by default, a pull request will be blocked if there are any high or higher security alerts.
78
+
8. Optionally, configure the **Check runs failure threshold** - by default, a pull request will be blocked if there are any high or higher security alerts.
72
79
73
80
### Exercise 3: Enable Secret Scanning
74
81
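Review bot: the renumbering 6 -> 8 is consistent with the two steps inserted earlier in this file, but the sentence "a pull request will be blocked if there are any high or higher security alerts" should say what the setting actually controls: its name is **Check runs failure threshold**, so the direct effect is that the code scanning check run fails at that severity; whether a failing check prevents merging depends on the repository's branch protection or rulesets, which this lab does not configure. Suggest "the code scanning check run will fail if there are any alerts of severity high or higher".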
@@ -80,6 +87,7 @@ Although Dependabot isn't part of the GitHub Advanced Security product suite, it
80
87
6. Optionally, configure **Who can bypass push protection for secret scanning**.
81
88
- By default, as to not interrupt developers' workflows, anyone with write access to the repository can manually bypass a blocked push that contains secrets (administrators will be notified of this, and it is also captured in the audit logs).
82
89
- In Private and internal repositories in organizations using GitHub Enterprise Cloud with GitHub Advanced Security enabled, you can change this to only allow select users/teams (or no one) to bypass secret scanning push protection.
90
+
7. Note that you can define your own **Custom patterns** from this page to scan for secrets that don't correspond to a known provider pattern.
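Review bot: new step 7 reads as a note rather than an action ("Note that you can define ..."), while every other step in this list is an imperative; either phrase it as an optional step ("Optionally, define your own **Custom patterns** ...") or move it into a `> [!NOTE]` block like the others in this file. In the unchanged context above, "as to not interrupt developers' workflows" should be "so as not to interrupt developers' workflows", and "Private and internal repositories" should be lowercase "private and internal repositories" for consistency with the rest of the lab text.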