Merge pull request #11 from githubtraining/course-details

Add course details

Author: hectorsector

config.yml

@@ -1,6 +1,5 @@
 title: Security strategy essentials
-tagline: A brand new course on Learning Lab
-description: 'Course repo for Learning Lab course "Security strategy essentials"'
+description: Learn security best practices and keep your project’s contributions—and contributors—safe.
 template:
   repo: security-strategy-essentials-template
   name: security-strategy-essentials
@@ -341,3 +340,7 @@ steps:
         with: 12_correct-references-removed.md # replace with nice job removing .env file response
         data:
           url: '%actions.finalIssue.data.html_url%'
+
+tags: [
+  "Security", "Dependency management", "Rebasing", "Auditing", "Dependabot"
+]

course-details.md

@@ -2,6 +2,17 @@ This course will show you how to build, host, and maintain a secure repository o
 
 Collaboration is key to building great software. As you welcome more contributions, keeping your project secure becomes more important than ever.
 
+## What you'll learn
+
+This course will answer common questions like:
+- How can I prevent sensitive data from being pushed to my repository?
+- How do I remove traces of the sensitive data if it is indeed published? 
+- How do I use GitHub's vulnerability alerts? 
+- How do I automatically fix vulnerable dependencies?
+- What's a security policy and how do I implement one?
+- What's `.gitignore` and how do I use it?
+- How can I trace sensitive data to its introduction?
+
 In this course, you’ll learn how to:
 - Enable vulnerable dependency detection for private repositories
 - Detect and fix outdated dependencies with security vulnerabilities
@@ -11,4 +22,23 @@ In this course, you’ll learn how to:
 - Keep sensitive files out of your repository by leveraging the use of a `.gitignore` file
 - Remove historical commits exposing sensitive data deep in your repository
 
-This course has a dedicated message board on the [GitHub Community Forum]({{ communityBoard }}). Create a post to start a conversation, discuss this course with GitHub Trainers and participants, or troubleshoot any issues you encounter.
+## What you'll build
+
+![A picture matching game in play](https://user-images.githubusercontent.com/16547949/75375742-b307d980-589c-11ea-960d-e1ce576472b6.gif)
+
+- Completed [source repository](https://github.com/githubtraining/security-strategy-essentials-demo)
+- [Deployed game](https://githubtraining.github.io/security-strategy-essentials-demo/)
+
+## Prerequisites
+
+This course is a great introduction. If you're unfamiliar with working in Pull Requests, consider taking the following course.
+- [Introduction to GitHub](https://github.com/githubtraining/caption-this-template)
+
+## Projects used
+
+This course makes use of the following open source projects. Consider exploring these repos and maybe even making contributions!
+- [Octocat Memory Game](https://codepen.io/mayurbirle/pen/rwozYP) on CodePen
+
+## Audience
+
+Developers, new GitHub users, teams, security professionals, open source maintainers

responses/04_add-dependabot.md

@@ -10,37 +10,22 @@ Dependabot creates pull requests to keep your dependencies secure and up-to-date
 
 ### How does Dependabot work?
 
-Dependabot is the actor for GitHub's automated security fixes. 
+Dependabot is the actor for GitHub's [automated security updates](https://help.github.com/en/github/managing-security-vulnerabilities/configuring-automated-security-updates). 
 
 1. GitHub uses the dependency graph and security alerts to scan your repository and notify you of potential dependency updates
 1. If any dependencies are out-of-date, Dependabot opens a pull request to update each one
 1. If tests pass, and the updated version looks good, you simply merge the pull request
 
-### Configuring automated security fixes
+### Configuring automated security updates
 
-You can enable automated security fixes for any repository that uses security alerts and the dependency graph. You can disable automated security fixes for an individual repository or for all repositories owned by your user account or organization. GitHub will automatically enable automated security fixes in every repository that uses security alerts and the dependency graph.
+You can enable automated security updates for any repository that uses security alerts and the dependency graph. You can disable automated security updates for an individual repository or for all repositories owned by your user account or organization. GitHub will automatically enable automated security updates in every repository that uses security alerts and the dependency graph.
 
 ![Screen Shot 2019-10-28 at 1 23 52 PM](https://user-images.githubusercontent.com/6351798/67711794-5c3ed180-f988-11e9-97ba-41451996a2fb.png)
 
 Here, we have a security alert on the **debug** dependency. Clicking on **debug** will show you the pull request created by Dependabot to update the dependency. We just updated to `2.6.9` but Dependabot noticed we are still outdated.
 
 If you navigate to your [pull requests]({{ repoUrl }}/pulls), you'll notice Dependabot has done its job and is trying to bump, or update, the version of `debug`. Feel free to **approve and merge the pull request**.
 
-<details>
-  <summary>How to Install Dependabot if not enabled through automated security fixes</summary>
-
-- Navigate to Dependabot on the [GitHub Marketplace](https://github.com/marketplace/dependabot-preview)
-- Click the "Install it for free" button
-- Follow on-screen instructions to add Dependabot to your GitHub profile
-- When installing Dependabot, choose `Only select repositories` and choose this repository, {{ repoUrl }}
-- On `app.dependabot.com`, under `repos you want to add`, select {{ repoUrl }} and click the `Add selected` button
-    
-</details>
-
-#### Important Note!
-Dependabot is owned and maintained by GitHub. Dependabot Preview is a public beta for functionality that we are integrating directly into GitHub. These automatic security fixes are in beta and are subject to change.
-
-
 ## Close this issue when done
 
 <hr>