Update maintain a secure repo

a-a-ron · a-a-ron · commit 9a6c405de3a0 · 2023-06-22T13:26:49.000-06:00
diff --git a/github/maintain-secure-repository-github/4-knowledge-check.yml b/github/maintain-secure-repository-github/4-knowledge-check.yml
@@ -5,8 +5,8 @@ metadata:
   title: Knowledge check
   description: Check what you've learned.
   ms.date: 06/26/2020
-  author: tpetchel
-  ms.author: thpetche
+  author: a-a-ron
+  ms.author: aastewar
   ms.topic: interactive-tutorial
   ms.prod: learning-azure
 durationInMinutes: 3
diff --git a/github/maintain-secure-repository-github/includes/2-how-to-maintain-secure-repository.md b/github/maintain-secure-repository-github/includes/2-how-to-maintain-secure-repository.md
@@ -41,7 +41,7 @@ Below are some ways to distribute security and operational responsibilities acro
 
 The community benefits of GitHub are substantial, but they also carry potential risks. The fact that anyone can propose bug fixes publicly comes with certain responsibilities. The most important is the responsible disclosure of information that could lead to security exploits before their underlying bugs can be fixed. Developers looking to report or address security issues look for a `SECURITY.md` file in the root of a repository in order to responsibly disclose their concerns. Providing guidance in this file will ultimately speed up the resolution of these critical issues.
 
-To learn more about `SECURITY.md`, see [Adding a security policy to your repository](https://help.github.com/github/managing-security-vulnerabilities/adding-a-security-policy-to-your-repository?azure-portal=true).
+To learn more about `SECURITY.md`, see [Adding a security policy to your repository](https://docs.github.com/code-security/getting-started/adding-a-security-policy-to-your-repository).
 
 ## GitHub Security Advisories
 GitHub Security Advisories allow repository maintainers to privately discuss and fix a security vulnerability in a project. After collaborating on a fix, repository maintainers can publish the security advisory to publicly disclose the security vulnerability to the project's community. By publishing security advisories, repository maintainers make it easier for their community to update package dependencies and research the impact of the security vulnerabilities. GitHub stores the published advisories in the Common Vulnerabilities and Exposures (CVE) list, which is used for automatically notifying affected repositories that leverage software that has a listed vulnerability.
@@ -76,17 +76,18 @@ x86/
 
 Your repository may include multiple `.gitignore` files. Settings are inherited from parent directories, with overriding fields in new `.gitignore` files taking precedence over parent settings for their folders and subfolders. It's common for the majority of effort to go into maintaining the root `.gitignore` file where feasible, although adding a `.gitignore` into a project directory can be helpful when that project has specific requirements that are easier to maintain separately from the parent, such as files that should *not* be ignored.
 
-To learn more about `.gitignore`, see [Ignoring files](https://help.github.com/github/using-git/ignoring-files?azure-portal=true). Also check out the collection of starter `.gitignore` files offered for various platforms in the [gitignore repository](https://github.com/github/gitignore?azure-portal=true).
+To learn more about `.gitignore`, see [Ignoring files](https://docs.github.com/get-started/getting-started-with-git/ignoring-files). Also check out the collection of starter `.gitignore` files offered for various platforms in the [gitignore repository](https://github.com/github/gitignore?azure-portal=true).
 
 ## Remove sensitive data from a repository
 
 While `.gitignore` can be useful in helping contributors avoid committing sensitive data, it's just a strong suggestion. Developers can still work around it to add files if they are motivated enough, and sometimes files may slip through because they don't meet the `.gitignore` configuration. Project participants should always be on the lookout for commits containing data that should not be included in the repository or its history.
 
 > [!IMPORTANT]
-> You should assume that any data committed to GitHub at any point has been compromised. Simply overwriting a commit isn't enough to ensure the data will not be accessible in the future. For the complete guide to removing sensitive data from GitHub, see [Removing sensitive data from a repository](https://help.github.com/github/authenticating-to-github/removing-sensitive-data-from-a-repository?azure-portal=true).
+> You should assume that any data committed to GitHub at any point has been compromised. Simply overwriting a commit isn't enough to ensure the data will not be accessible in the future. For the complete guide to removing sensitive data from GitHub, see [Removing sensitive data from a repository](https://docs.github.com/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository).
 
 ## Branch protection rules
-You can create a [branch protection rule](https://docs.github.com/en/github/administering-a-repository/defining-the-mergeability-of-pull-requests/managing-a-branch-protection-rule) to enforce certain workflows for one or more branches, such as requiring an approving review or passing status checks for all pull requests merged into the protected branch.
+
+You can create a [branch protection rule](https://docs.github.com/github/administering-a-repository/defining-the-mergeability-of-pull-requests/managing-a-branch-protection-rule) to enforce certain workflows for one or more branches, such as requiring an approving review or passing status checks for all pull requests merged into the protected branch.
 
 You can leverage the workflows that protect the branch to: 
 
@@ -96,7 +97,8 @@ You can leverage the workflows that protect the branch to:
 * And so on
 
 ## Add a CODEOWNERS file
-By adding a [CODEOWNERS](https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/creating-a-repository-on-github/about-code-owners#codeowners-syntax) file to your repository, you can assign individual team members or entire teams as code owners to paths in your repository. These code owners are then required for pull-request reviews on any changes to files in a path that they are configured for.
+
+By adding a [CODEOWNERS](https://docs.github.com/github/creating-cloning-and-archiving-repositories/creating-a-repository-on-github/about-code-owners#codeowners-syntax) file to your repository, you can assign individual team members or entire teams as code owners to paths in your repository. These code owners are then required for pull-request reviews on any changes to files in a path that they are configured for.
 
 ```
 # Changes to files with the js extensions need to be reviewed by the js-owner user/group:
@@ -105,4 +107,5 @@ By adding a [CODEOWNERS](https://docs.github.com/en/github/creating-cloning-and-
 # Changes to files in the builds folder need to be reviewed by the octocat user/group:
 /build/ @octocat
 ```
+
 You can create the CODEOWNERS file in either the root of the repository, or in the `docs` or `.github` folder.
diff --git a/github/maintain-secure-repository-github/includes/3-security-automation.md b/github/maintain-secure-repository-github/includes/3-security-automation.md
@@ -10,36 +10,36 @@ One default feature every repository enjoys is dependency graphs. GitHub scans c
 
 ![GitHub dependency graph](../media/2-dependency-graph.png)
 
-For the list of supported dependency manifests, see [Listing the packages that a repository depends on](https://help.github.com/github/visualizing-repository-data-with-graphs/listing-the-packages-that-a-repository-depends-on#supported-languages?azure-portal=true).
+For the list of supported dependency manifests, see [About the dependency graph](https://docs.github.com/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph).
 
 ### Automated dependency alerts
 
-Even with a visual dependency graph, it can still be overwhelming to stay on top of the latest security considerations for every dependency a project has. To reduce this overhead, GitHub provides [automated dependency alerts](https://docs.github.com/en/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies) that watch your dependency graphs for you. It then cross-references target versions with versions on known vulnerability lists. When a risk is discovered, the project is alerted. Input for the analysis comes from [GitHub Security Advisories](https://docs.github.com/en/code-security/security-advisories/about-github-security-advisories#dependabot-alerts-for-published-security-advisories).
+Even with a visual dependency graph, it can still be overwhelming to stay on top of the latest security considerations for every dependency a project has. To reduce this overhead, GitHub provides [automated dependency alerts](https://docs.github.com/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies) that watch your dependency graphs for you. It then cross-references target versions with versions on known vulnerability lists. When a risk is discovered, the project is alerted. Input for the analysis comes from [GitHub Security Advisories](https://docs.github.com/code-security/security-advisories/about-github-security-advisories#dependabot-alerts-for-published-security-advisories).
 
 ![A GitHub alert for a vulnerable dependency](../media/2-dependency-alert.png)
 
 ### Automated dependency updates with Dependabot
 
 Most of the time, a dependency alert leads to a project contributor bumping the offending package reference to the recommended version and creating a pull request for validation. Wouldn't it be great if there was a way to automate this effort? Well, good news! That's exactly what **Dependabot** does. It scans for dependency alerts and creates pull requests so that a contributor can validate the update and merge the request.
 
-To learn more about Dependabot's flexibility, see [Configuring GitHub Dependabot security updates](https://help.github.com/github/managing-security-vulnerabilities/configuring-github-dependabot-security-updates?azure-portal=true).
+To learn more about Dependabot's flexibility, see [Configuring Dependabot security updates](https://docs.github.com/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates).
 
 ### Automated code scanning
 
 Similar to how Dependabot scans your repository for dependency alerts, you can use code scanning to analyze and find security vulnerabilities and errors in the code in a GitHub repository. Code scanning has several benefits; you can use it to find, triage, and prioritize fixes for existing problems or potential security vulnerabilities. It's also useful to help prevent developers from introducing any new security problems into the code.
 
-Another advantage to code scanning is its ability to use CodeQL. CodeQL lets you query code as data, which lats you create custom queries or use queries maintained by the open-source community. Code scanning gives you the freedom to customize and maintain how the code within your repository is being scanned.
+Another advantage to code scanning is its ability to use CodeQL. CodeQL lets you query code as data, which lets you create custom queries or use queries maintained by the open-source community. Code scanning gives you the freedom to customize and maintain how the code within your repository is being scanned.
 
 You can enable code-scanning alerts and workflows in the security tab of a GitHub repository:
 
 :::image type="content" source="../media/security-overview.png" alt-text="A list of policies, advisories, and alerts with links to more information.":::
 
-Learn more about [Code scanning and CodeQL](https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/about-code-scanning#about-code-scanning).
+Learn more about [Code scanning and CodeQL](https://docs.github.com/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/about-code-scanning#about-code-scanning).
 
 ### Secret scanning
 
 Another automated scanning feature within a GitHub repository is secret scanning. Similar to the previous security scanning features, secret scanning looks for known secrets or credentials committed within the repository. This scanning is done to prevent the use of fraudulent behavior and to secure the integrity of any sensitive data. By default, secret scanning occurs on public repositories and can be enabled on private repositories by repository administrators or organization owners.
 
 When secret scanning detects a set of credentials, GitHub notifies the service provider who issued the secret. The service provider validates the credential, then decides whether they should revoke the secret, issue a new secret, or reach out to you directly, which will depend on the associated risks to you or the service provider.
 
-Learn more about [Secret scanning for public and private repositories](https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/about-secret-scanning).
+Learn more about [Secret scanning for public and private repositories](https://docs.github.com/free-pro-team@latest/github/administering-a-repository/about-secret-scanning).
diff --git a/github/maintain-secure-repository-github/includes/5-summary.md b/github/maintain-secure-repository-github/includes/5-summary.md
@@ -8,15 +8,15 @@ You learned about:
 - How to add a `.gitignore` file to a repository
 - Advanced security features such as code scanning and secret scanning
 
-Now that you're familiar with security best practices, learn to [Automate DevOps processes by using GitHub Apps](/learn/modules/automate-devops-github-apps/).
+Now that you're familiar with security best practices, learn to [Automate DevOps processes by using GitHub Apps](/training/modules/automate-devops-github-apps/).
 
 ## Learn more
 
 Here are some links to more information on the topics we discussed in this module.
 
-- [About security alerts for vulnerable dependencies](https://help.github.com/github/managing-security-vulnerabilities/about-security-alerts-for-vulnerable-dependencies?azure-portal=true)
+- [Viewing and updating Dependabot alerts](https://docs.github.com/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts)
 - [Dependabot official site](https://github.com/dependabot)
 - [Security apps on GitHub Marketplace](https://github.com/marketplace/category/security?azure-portal=true)
-- [Adding a security policy to your repository](https://help.github.com/github/managing-security-vulnerabilities/adding-a-security-policy-to-your-repository?azure-portal=true)
-- [Ignoring files](https://help.github.com/github/using-git/ignoring-files?azure-portal=true)
-- [Removing sensitive data from a repository](https://help.github.com/github/authenticating-to-github/removing-sensitive-data-from-a-repository?azure-portal=true)
+- [Adding a security policy to your repository](https://docs.github.com/code-security/getting-started/adding-a-security-policy-to-your-repository)
+- [Ignoring files](https://docs.github.com/get-started/getting-started-with-git/ignoring-files)
+- [Removing sensitive data from a repository](https://docs.github.com/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository)
diff --git a/github/maintain-secure-repository-github/index.yml b/github/maintain-secure-repository-github/index.yml
@@ -23,7 +23,7 @@ abstract: |
 prerequisites: |
   - A GitHub account
   - The ability to navigate and edit files in GitHub
-iconUrl: /learn/achievements/github/maintain-secure-repository-github.svg
+iconUrl: /training/achievements/github/maintain-secure-repository-github.svg
 ratingEnabled: true
 levels:
 - beginner
