diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index 8ac6b8c..0000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,6 +0,0 @@ -version: 2 -updates: - - package-ecosystem: "github-actions" - directory: "/" - schedule: - interval: "monthly" diff --git a/.github/steps/-step.txt b/.github/steps/-step.txt deleted file mode 100644 index 573541a..0000000 --- a/.github/steps/-step.txt +++ /dev/null @@ -1 +0,0 @@ -0 diff --git a/.github/steps/0-welcome.md b/.github/steps/0-welcome.md deleted file mode 100644 index 9ff13a5..0000000 --- a/.github/steps/0-welcome.md +++ /dev/null @@ -1 +0,0 @@ - diff --git a/.github/steps/1-enable-codeql.md b/.github/steps/1-enable-codeql.md deleted file mode 100644 index 216aa68..0000000 --- a/.github/steps/1-enable-codeql.md +++ /dev/null 
@@ -1,42 +0,0 @@ - - -## Step 1: Enable CodeQL - -πŸ‘‹ Hello! Welcome to the GitHub Skills course: Enable code scanning! - -Let's get started! - -In this first step, we'll be learning more about CodeQL and how to use it to secure your source code. - -**What is GitHub code scanning**: _[Code scanning](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning)_ is a capability that allows development teams to integrate security testing tools into the software development process. This is done using GitHub Actions. With code scanning, you can integrate many different types of tools including SAST, container, and infrastructure as code security tools. - -**What is CodeQL**: _[CodeQL](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql)_ is a static analysis testing tool that helps you identify security weaknesses such as SQL injection, cross-site scripting, and code injection issues. - -### :keyboard: Activity: Enable code scanning with CodeQL - -First, we will enable code scanning with CodeQL in our repository. - -1. Open a new browser tab, and work on the steps in your second tab while you read the instructions in this tab. -2. Navigate to the **Settings** tab at the top of your newly created repository. -3. Under the **Security** section on the left side, select **Code security and analysis**. -4. Scroll down to the section titled **Code scanning**. For the purpose of this course, we will focus on CodeQL analysis. -5. Click on the **Set up** dropdown menu and choose **Default**. -![enable-code-scanning-default.png](/images/enable-code-scanning-default.png) - -Let's take a look at the configuration options in the modal: - - - **Languages to analyze:** These are the languages that will be scanned by CodeQL. In this case, we will be scanning in `Python`. 
- - **Query suites:** CodeQL [queries](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql#about-codeql-queries) are packaged in bundles called "suites". This section allows you to choose which query suite to use. We'll leave this set as **Default** for this exercise. For more information, see "[About CodeQL queries](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql#about-codeql-queries)." - - **Events:** This section tells CodeQL when to scan. In this case, it's set to scan on any pull request to the `main` branch. - -![codeql-default-configuration-box.png](/images/codeql-default-configuration-box.png) - -6. Click **Enable CodeQL** -7. Wait about 20 seconds then refresh this page (the one you're following instructions from). [GitHub Actions](https://docs.github.com/en/actions) will automatically update to the next step. diff --git a/.github/steps/1-step.md b/.github/steps/1-step.md new file mode 100644 index 0000000..ce8e695 --- /dev/null +++ b/.github/steps/1-step.md 
@@ -0,0 +1,48 @@ +## Step 1: Enable Code Scanning + +Let's start by learning a bit about code scanning with [CodeQL](https://codeql.github.com/) and how it helps secure your code. + +### What is GitHub Code Scanning? + +[Code scanning](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning) is part of the [GitHub Advanced Security (GHAS)](https://docs.github.com/en/get-started/learning-about-github/about-github-advanced-security) product suite. It allows development teams to integrate security testing tools directly into the same process you already use for shipping code. It supports many types such as SAST, container, and infrastructure as code. And, the best part is that the results can also live directly in GitHub next to your code. No need for context switching! πŸŽ‰ + +> [!TIP] +> All features of GitHub Advanced Security are free for public repositories. However, private repositories require a compatible [paid account](https://docs.github.com/en/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security). + +### What is CodeQL? + +[CodeQL](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql) is a static analysis testing tool that helps you identify security weaknesses such as SQL injection, cross-site scripting, and code injection issues. + +Typically CodeQL [queries](https://codeql.github.com/docs/writing-codeql-queries/about-codeql-queries/) are collected into [query suites](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql#about-codeql-queries) to cover multiple patterns. When combined well, this can be a very powerful! 
To help with this, teams of security experts have pre-populated suites for many common scenarios and programming languages. + +In many cases, taking advantage of CodeQL is as simple as accepting the default suite, but you can also select the extended suite or customize your own with [GitHub Actions](). + +codeql default configuration box + +Here are some of the options the default configuration provides: + +- **Languages:** Supported languages will automatically detected in your repository and scanning will be enabled. + +- **Query suites:** A list of the available suites of patterns that will be used. The **Default** or **Extended** are provided automatically. + +- **Events:** Triggers for running a CodeQL scan. It's common to run before merging and on a schedule for production code. + +### ⌨️ Activity: Enable code scanning with CodeQL + +1. Open a second tab and navigate to this repository. Ensure you are on the **Code** tab. + +1. In the top navigation, select the the **Settings** tab. + +1. In the left navigation, fine the **Security** section and select **Advanced Security**. + +1. Scroll down and find the **Code scanning** area. + +1. In the **CodeQL** setting, click the **Set up** dropdown menu and choose **Default**. + + enable code scanning + +1. Click **Enable CodeQL**. + + > πŸ’‘ Tip: This will trigger a first run of CodeQL. You can view the progress in the **Actions** tab. + +1. With CodeQL now enabled, Mona will check your progress and share the next steps. diff --git a/.github/steps/2-review-and-triage-codeql-alerts.md b/.github/steps/2-review-and-triage-codeql-alerts.md deleted file mode 100644 index dc62a66..0000000 --- a/.github/steps/2-review-and-triage-codeql-alerts.md +++ /dev/null 
@@ -1,88 +0,0 @@ - - -## Step 2: Review and Triage CodeQL Alerts - -_Way to go! You got CodeQL running! :tada:_ - -In this exercise, we'll review the CodeQL scan results, triage an alert, and create a GitHub issue to track an alert. - -**What is GitHub Actions**: GitHub Actions is the automation and CI/CD platform within GitHub. We use GitHub Actions to orchestrate and execute security scans with code scanning. GitHub Actions is a continuous integration and continuous delivery (CI/CD) platform that allows you to automate your build, test, and deployment pipeline. For more information on GitHub Actions, see "[Understanding GitHub Actions](https://docs.github.com/en/actions/learn-github-actions/understanding-github-actions)." - -**What is CWE**: Common Weakness Enumeration (CWE) is a category system for hardware and software weaknesses and vulnerabilities. Think of it as a way to describe and categorize security issues in an application's source code. For more information on CWEs, see the Wikipedia article "[Common Weakness Enumeration](https://en.wikipedia.org/wiki/Common_Weakness_Enumeration)." - -### :keyboard: Activity 1: View the status of a CodeQL scan - -In this activity, we'll explore GitHub Actions to view the status of a CodeQL scan. -1. In your new repository, go to your Actions page by selecting **Actions** from the top navigation bar. If the CodeQL Action run is still executing, you will see a yellow spinner indicating the scan is still in progress. This typically takes about 4 minutes to complete. -2. Select the run by clicking on **CodeQL Setup**. - -![codeql-setup](/images/codeql-setup.png) - -Notice that more information is available inside the Actions run. Feel free to explore this section to view information such as the CodeQL logs, duration, status, and artifacts generated by CodeQL. - -Once the scan is complete, a green check will show next to the execution. 
- -### :keyboard: Activity 2: View all CodeQL Alerts - -In this activity, we will view the CodeQL findings in the Security page of your repository. The Security page is where all security related information is displayed. - -1. Navigate to the **Security** tab in the top navigation bar of your repository. -2. Select **Code scanning** under the "Vulnerability alerts" heading in left-side navigation bar. - -This screen will contain all the vulnerabilities identified by CodeQL inside this repository's codebase. Explore the different filters and search capabilities in this page. These filtering capabilities become very helpful when you're working with many findings! - - -### :keyboard: Activity 3: Review an Alert - -In this activity, we will explore the alert UI. We'll review the data flow of the vulnerability, indentify what part of the code the alert impacts, and get more information about the alert. - -**Alert status:** This section displays the current alert status (open or closed), identifies the branch where the scan detected the alert, and shows the timestamp of the alert. - -![alert-status](/images/alert-status.png) - -**Location information:** This section describes which part of the code is vulnerable. - -![location-information](/images/location-information.png) - -**Paths:** Clicking on "Show paths" will give you additional insights into the alert's data flow. The modal shows us where the user input (we call that a "source") flows through the application until it's acted on (we call this the "sink"). This visualizes the flow of data through your application. - -**Recommendations:** This section provides a quick overview of the tool (CodeQL in this case), Rule ID, and even allows you to view the CodeQL query used to find this vulnerability. You can view the query by clicking **View source**. Additionally, this pane includes recommendations for fixing this vulnerability. Click **Show more** to view the full recommendation. 
- -![recommendations](/images/recommendations.png) - -**Audit trail:** The audit trail shows the history of the alert. This trail will show the status as users mark an alert as closed or fix an alert in the code. - -![audit-trail](/images/audit-trail.png) - -**Alert triage:** Use the buttons at the top right of the alert to triage or create a new issue for the alert. Don't do anything yet. We'll get into these buttons in a moment. πŸ˜„ - -**Additional info:** Finally, the right-side panel contains information such as tags, CWE information, and the severity of the alert - ![additional-information.png](/images/additiona-information.png) - - -### :keyboard: Activity 4: Dismiss an Alert -Now that we're familiar with the alert layout, let's work through the process of closing one. - -1. Inside this same alert, click **Dismiss alert**, choose any reason for dismissal, and add a short note. -2. Click **Dismiss alert**. -3. At this point, the alert will change its state to "Dismissed". You can now see the change you made in the audit trail at the bottom of the alert. -4. Navigate back to **Security** > **Code scanning alerts**. You'll see that you only have 1 alert listed. -5. Click **1 Closed**. This will bring you to the closed alerts where you can view the alert you just closed. - ![one-closed-alert.png](/images/one-closed-alert.png) - -7. (Optional) You can also reopen the alert by opening it, then selecting **Reopen alert**. - -### :keyboard: Activity 5: Create a GitHub Issue for an Alert -This last step will show you how to create a GitHub Issue to track the work that goes into resolving a vulnerability. Issues provide a space for collaboration for a security problem and can be assigned to people or teams. - -1. Open one of the open alerts that CodeQL identified from the scan. -2. Click the green **Create issue** button at the top right of the alert. If you don't see this button, check the status of the alert to make sure it's an open alert. -3. 
Add any details you would like to include in the new issue form. -4. Click **Submit new issue**. -5. To view the your issue, click **Issues** in the top navigation bar of your repository. -6. Wait about 20 seconds then refresh this page (the one you're following instructions from). [GitHub Actions](https://docs.github.com/en/actions) will automatically update to the next step. diff --git a/.github/steps/2-step.md b/.github/steps/2-step.md new file mode 100644 index 0000000..00627db --- /dev/null +++ b/.github/steps/2-step.md 
@@ -0,0 +1,75 @@ +## Step 2: Detect Vulnerabilities in a Pull Request + +To see how Code Scanning works, we will introduce a vulnerability into the `routes.py` file to trigger an alert. + +### ⌨️ Activity: Create a vulnerability + +1. In the top navigation, select the **Code** tab. + +1. Navigate to the `server` folder and select the `routes.py` file. + +1. In the top right of the preview, click the **Edit** button. + + edit button + +1. Navigate to about **line 16** and modify it to the below. + + ```py + "SELECT * FROM books WHERE name LIKE '%" + name + "%'" + ``` + +1. Above the editor in the top-right, click the **Commit changes...** button. In the prompt window, select the radio button for the **Create a new branch** option. **DO NOT commit to the main branch.** + +1. Click the **Propose changes** option and click **Create pull request**. Use the below branch name. + + ```txt + learning-codeql + ``` + +1. On the new page, below the pull request description, press the **Create pull request** button. + +### ⌨️ Activity: Review pull request + +1. If needed, navigate to the newly created pull request from the previous activity. + +1. Scroll to the bottom of the pull request and search for a check named `CodeQL`. This is the analysis job scanning the proposed code changes in the pull request. + + CodeQL check in progress + +1. If the job is still running, wait a few minutes for it to complete. + +1. Search the comments to find the results of the analysis. + + - Notice that the results found a SQL injection vulnerability. It also suggests a fix. + - Don't worry about responding to this or resolving the problem (yet). + + code scan results + + > πŸ’‘ Tip: Clicking the **Show paths** link will provide additional insights about the alert's data flow from user input (source), through the application, and when it is acted on (sink). + +### ⌨️ Activity: View the CodeQL scanning logs + +1. In the top navigation, select the **Actions** tab. + +1. 
In the left navigation, select the **CodeQL** entry to filter the workflow runs. + + codeql filter + +1. Click on the workflow run with the name **PR #2** to open a page with more details. + + codeql setup + +1. Expand the run jobs by clicking **Show all jobs** then click on the **Analyze (python)** entry. The list of all workflow steps is now shown. + + matrix jobs + + list of codeql jobs + +1. Find the analysis entry and consider reviewing the logs. + + python analysis logs + +1. With the pull request started and CodeQL scan finished, Mona will check your progress and share the next steps. + +> [!TIP] +> Check out the [Triage code scanning alerts in pull requests](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests) page to learn more about integration of code scanning into pull requests. diff --git a/.github/steps/3-fix-security-vulnerabilities.md b/.github/steps/3-fix-security-vulnerabilities.md deleted file mode 100644 index a8ccffc..0000000 --- a/.github/steps/3-fix-security-vulnerabilities.md +++ /dev/null 
@@ -1,41 +0,0 @@ - - -## Step 3: Fix Security Vulnerabilities - -_Nice work finishing Step 2: Reviewing and Triaging CodeQL Alerts :sparkles:_ - -In this step, we will work to fix the existing security vulnerabilities already identified by CodeQL. Remember, at this point, we have introduced CodeQL into our repository and had it scan the existing code. The vulnerabilities it found are real-world issues, and they need to be fixed! We'll fix this issue by editing the `/server/routes.py` file. - -### :keyboard: Activity 1: Review alerts -First, before we fix these alerts, we need to make sure the alerts are still open. We'll also need to gather information on which files to fix and how best to fix them. - -1. Navigate to your code scanning alerts page: **Security** > **Code scanning**. -1. You should see two alerts listed as "**Open**". If any of the alerts are listed as "**Closed**", open the alert page and choose **Reopen alert**. - -Now that both of these alerts are open, let's fix them. If you look at the alerts, they both call out one specific file containing the issues: `server/routes.py`. The issue is in crafting the SQL query for the database. These queries are vulnerable to SQL injection attacks. We should rewrite these SQL statements more securely. - -If you expand the **More info** section at the bottom of the alert, there are very clear suggestions to fix this query. We're going to implement those suggestions in the next activity. - -### :keyboard: Activity 2: Edit routes.py -We now know where the issues exist and how to fix them. We'll start by modifying the file `routes.py`. Again, you'll want to do these next steps in a separate browser window or tab. - -1. Click the **Code** tab in your repository. -2. Select the `server` folder. -3. Select the `routes.py` file. -4. Click the **Edit** button to the right. - - ![edit-button.png](/images/edit-button.png) - -5. 
Edit line 16 by highlighting the SQL statement and replace it with this text: `"SELECT * FROM books WHERE name LIKE %s", name`. - -6. Edit line 22 to replace the SQL statement with this text: `"SELECT * FROM books WHERE author LIKE %s", author`. - -7. Click **Commit changes...** from the top right. The "Propose changes" window will pop up. Leave the defaults configured, and click **Commit changes** again. -8. CodeQL will now initiate a new scan. Check the status of that scan by navigating to **Actions** then choose the **CodeQL** action. Once the scan job completes, Actions will display a green check next to the last run. -9. Once that CodeQL scan is done, navigate to **Security** > **Code scanning** to review the alerts. You should have zero open alerts and two closed alerts πŸŽ‰. Feel free to review the closed alerts, especially the audit trail. -10. Wait about 20 seconds then refresh this page (the one you're following instructions from). [GitHub Actions](https://docs.github.com/en/actions) will automatically update to the next step. diff --git a/.github/steps/3-step.md b/.github/steps/3-step.md new file mode 100644 index 0000000..20416cc --- /dev/null +++ b/.github/steps/3-step.md 
@@ -0,0 +1,85 @@ +## Step 3: Review and Triage CodeQL Alerts + +With our pull request changes now reviewed by CodeQL, we now have some results to view.Let's learn about managing alerts. + +GitHub provides a dedicated **Security** tab for securely managing all security related issues. CodeQL saves alerts using the same standard as many other analysis tools with the results showing up under the **Code scanning** area. + +image + +### What information do alerts provide? + +The main area of an alert provides the resolution status, affected branch, code location, and classification information like severity and [CVE identification number](https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories#cve-identification-numbers). + +After the status information, a detailed description of the issue, recommended solutions, and suggested code changes are provided. + +additional information + +### What is CWE? + +Many of the patterns CodeQL scans for come from existing databases of vulnerabilities, which are categorized for easier understanding. + +The **Common Weakness Enumeration (CWE)** is a category system for hardware and software weaknesses and vulnerabilities. Think of it as a way to describe and categorize security issues in an application's source code. For more information on CWEs, see the Wikipedia article [Common Weakness Enumeration](https://en.wikipedia.org/wiki/Common_Weakness_Enumeration). + +### ⌨️ Activity: View existing alerts + +1. In the top navigation, select the **Security** tab. + +1. In the left navigation, find the **Vulnerability alerts** area and select the **Code scanning** option. + + - Notice that there are no alerts. This is expected since the vulnerable code on the pull request has not been merged yet. + +1. Return to the recently created pull request. Ignore the failed check and click the **Merge pull request** button. + + merge button + +1. 
Click the **Delete branch**. It is not needed anymore. + +1. Wait a moment for CodeQL to analyze the new changes to the `main` branch. + +1. Return the the **Security** tab. + +1. In the left navigation, notice that the **Code Scanning** option now has a `1` entry next to it, informing us of an open alert. + + code scanning alerts count + +### ⌨️ Activity: Review an Alert + +1. In the left navigation, select the **Code scanning** option. + +1. Click on the open alert. + +1. Notice the description, vulnerability description, and a recommended solution. + + alert overview + +1. Notice the audit trail provides the source of the vulnerability and shows that it came from our pull request. + +### ⌨️ Activity: Dismiss and Reopen an Alert + +1. In the top right, click **Dismiss alert** dropdown. + +1. Select the `Used in tests` option and enter the below description. + + ```md + This is a playground repository for learning about CodeQL alerts. + ``` + + dismiss alert options + +1. Click the **Dismiss alert** button. + + - The alert state will change to `Dismissed`. + - A read-only entry was added with the description to the audit trail showing who closed it. + + audit log entry showing alert dismissed + +1. In the top right, click the **Reopen alert** button. + + - The alert state will change back to `Open`. + - A read-only entry was added to the audit trail showing who opened it. + +1. With an alert closed and reopened, add a comment to this issue asking Mona to check our progress and share the next steps. + + ```md + Hey @professortocat, I've closed an reopened an alert. What is the next step? + ``` diff --git a/.github/steps/4-prevent-vulnerabilities-in-the-pull-request.md b/.github/steps/4-prevent-vulnerabilities-in-the-pull-request.md deleted file mode 100644 index 77a914e..0000000 --- a/.github/steps/4-prevent-vulnerabilities-in-the-pull-request.md +++ /dev/null 
@@ -1,68 +0,0 @@ - - -## Step 4: Prevent Vulnerabilities in the Pull Request - -_Nicely done! You finished Step 3: Fix Security Vulnerabilites! :partying_face:_ - -Way to go! You made it this far. We're almost done! The last step is to test out the pull request integration with CodeQL. In this step, we will add a vulnerability back into the `routes.py` file to trigger an alert for a SQL injection vulnerability. This is going to be the same issue we initially saw. - -Our goal is to understand what developers experience when they find a new vulnerability. - -In this step, we will: -- edit the `routes.py` file. -- change the SQL statement to make it insecure. -- commit those changes and merge the insecure code into the main branch. -- experience the alert inside the pull request. - -Let's get started πŸ‘ - -**What is pull request**: Pull requests are proposed changes to a repository submitted by a user and accepted or rejected by a repository's collaborators. This allows multiple people to work on the same code at the same time. For more information, check out the GitHub Skills course "[Introduction to GitHub](https://github.com/skills/introduction-to-github)" or "[About pull requests](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests)" from the GitHub docs. - -**What is branch**: A branch is a parallel version of your repository. By default, your repository has one branch named main and it is considered to be the definitive branch. Creating additional branches allows you to copy the main branch of your repository and safely make any changes without disrupting the main project. For more information, see "[About branches](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-branches#)" in the GitHub docs. 
- -### :keyboard: Activity 1: Edit `routes.py` and create a new pull request - -In this first activity, we'll introduce the same insecure SQL statement from before to the `routes.py` file. Once we update the file, we'll commit it to a new branch, then create a pull request. - - 1. Click the **Code** tab in your repository. - 2. Select the `server` folder. - 3. Select the `routes.py` file. - 4. Click the **Edit** button to the right. - -![edit-button.png](/images/edit-button.png) - - 5. Edit line 16 by highlighting the SQL statement and replace it with this text: `"SELECT * FROM books WHERE name LIKE '%" + name + "%'"`. - 6. Click **Commit changes...** from the top right. The "Propose changes" window will pop up. - 7. This time, select the radio button next to **Create a new branch**. You can create a new name for this branch or leave it as the default suggestion. - 8. Click **Propose changes**. This opens a new pull request. - 9. In the "Open a pull request" window, click **Create pull request**. - - -### :keyboard: Activity 2: Review pull request - -At this point, we've edited the file `routes.py` to add our vulnerable code, committed those changes to our new branch, and created a pull request to merge the new branch into our `main` branch. These are the same steps a developer would take to introduce new, vulnerable code into a repository. - -Now, let's take a look at the pull request to see what the experience is like. - -1. In the previous activity, we created the pull request. After creating the pull request, you were brought directly to the pull request page. At the bottom of the pull request, you will see a check called "Code scanning/CodeQL". This is the CodeQL analysis job scanning the code introduced in the pull request. - -![pr-panel](/images/pr-panel.png) - -2. Once the check is complete, you will see a new comment in the pull request from CodeQL indicating a new security vulnerability; a SQL query built from user-controlled data. 
This is our SQL injection vulnerability. - - image - -3. Review the data flow paths by clicking **Show paths**. - -4. If you would like, add a comment and tag one of your friends by using their GitHub handle (example: `@username`). This will notify them that you made a comment on the issue and need their help solving the problem. πŸ˜„ - -If this were a real-world situation, the developer would fix the SQL statement in their branch. Once fixed, the vulnerability will automatically close out. - -If you would like to learn more about pull request integrations for code scanning, see "[Triaging code scanning alerts in pull requests](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests)." - -5. Wait about 20 seconds then refresh this page (the one you're following instructions from). [GitHub Actions](https://docs.github.com/en/actions) will automatically update to the next step. diff --git a/.github/steps/4-step.md b/.github/steps/4-step.md new file mode 100644 index 0000000..c351143 --- /dev/null +++ b/.github/steps/4-step.md 
@@ -0,0 +1,42 @@ +## Step 4: Fix Security Vulnerabilities + +Finally, let's use the information provided by CodeQL to better understand the vulnerability and fix it. + +### ⌨️ Activity: Resolve an open alert + +1. Review the open alert and become familiar with the recommended changes. + +1. In the top navigation, select the **Code** tab. + +1. Ensure you are on the `main` branch then navigate to the `server` folder and select the `routes.py` file. + +1. In the top right of the preview, click the **Edit** button. + + edit button + +1. Navigate to about **line 16** and modify it to the below. + + ```py + "SELECT * FROM books WHERE name LIKE %s", name + ``` + +1. Above the editor in the top-right, click the **Commit changes...** button. Use the defaults options to commit directly to the `main` branch. + + - CodeQL will now initiate a another scan. + +1. Wait a moment for the **CodeQL** workflow to finish. + +1. Return the the **Security** tab and **Code Scanning** area. + + - There should be no open alerts and 1 closed alerts. Nice work! πŸŽ‰ + - Feel free to review the closed alerts, especially the audit trail. + +1. Click on **Closed** to show our recently resolved alert. + + image + +1. Open our alert and notice the audit trail now includes how the alert was fixed. + + image + +1. With our alert fixed, Mona will check your progress and share a final review. Nice work! You are all done! πŸ₯³ diff --git a/.github/steps/X-finish.md b/.github/steps/X-finish.md deleted file mode 100644 index d084992..0000000 --- a/.github/steps/X-finish.md +++ /dev/null 
@@ -1,26 +0,0 @@ - - -## Finish - -_Congratulations! You have completed this course!_ πŸ† - -Here's a recap of all the tasks you accomplished in your repository: - - Enabled CodeQL on your repository. - - CodeQL scanned the code in your repository and notified us of two SQL injection vulnerabilities. - - Reviewed the findings, marked the findings as closed, and explored the audit trail. - - Fixed your code in the main branch and saw that the findings automatically closed out. - - Introduced a new vulnerability in a new branch. - - Created a pull request, and were notified of the vulnerability. - -### What's next? - -- Continue your learning! Our [code scanning documentation](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning) is a great resource for learning more about CodeQL. -- Learn more about CodeQL. Take a look at the [CodeQL documenation](https://codeql.github.com/docs/) site to learn about all of the features of this powerful tool. -- [We'd love to hear what you thought of this course](https://github.com/orgs/skills/discussions/405). -- [Take another Skills course.](https://github.com/skills). -- [Read the GitHub Getting Started docs](https://docs.github.com/en/get-started). -- To find projects to contribute to, check out [GitHub Explore](https://github.com/explore). - diff --git a/.github/steps/x-review.md b/.github/steps/x-review.md new file mode 100644 index 0000000..e459249 --- /dev/null +++ b/.github/steps/x-review.md 
@@ -0,0 +1,19 @@ +## Review + +Great job completing the exercise! You have now: + +- Enabled Code Scanning with CodeQL in your repository. +- Introduced and detected a vulnerability using a pull request. +- Reviewed and triaged CodeQL alerts. +- Fixed a security vulnerability and verified the alert was resolved. + +By following these steps, you’ve learned how to use GitHub’s security features to keep your codebase safe. Remember, regularly reviewing and addressing security alerts is an important part of maintaining healthy projects. + +### What's next? + +- [Take another Skills exercise.](https://github.com/skills). +- Visit the [CodeQL documentation](https://codeql.github.com/docs/) to learn about about customizing your code scanning. +- Check out the [code scanning documentation](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning) to learn about connecting 3rd party scanning tools +- Explore the [CodeQL CLI & VS Code extension](https://codeql.github.com/docs/codeql-cli/) to run and write custom queries locally. +- Read the [triaging code scanning alerts guide](https://docs.github.com/en/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests) for best practices on investigating alerts. +- Learn about [advanced CodeQL query features](https://docs.github.com/en/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/creating-a-custom-query) to build complex custom analyses. diff --git a/.github/workflows/0-start-exercise.yml b/.github/workflows/0-start-exercise.yml new file mode 100644 index 0000000..e5e5ff3 --- /dev/null +++ b/.github/workflows/0-start-exercise.yml 
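Review bot: Two copy issues in the new review text: "to learn about about customizing your code scanning" doubles "about", and the bullet ending "to learn about connecting 3rd party scanning tools" is missing its full stop while every other bullet has one. Nothing else in this file needs changing.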
@@ -0,0 +1,72 @@ +name: Step 0 + +on: + push: + branches: + - main + +permissions: + contents: write + actions: write + issues: write + +env: + STEP_1_FILE: ".github/steps/1-step.md" + +jobs: + start_exercise: + if: | + !github.event.repository.is_template + name: Start Exercise + uses: skills/exercise-toolkit/.github/workflows/start-exercise.yml@v0.5.0 + with: + exercise-title: "Introduction to CodeQL" + intro-message: "Learn to use CodeQL to find security vulnerabilities in your code." + + post_next_step_content: + name: Post next step content + runs-on: ubuntu-latest + needs: [start_exercise] + env: + ISSUE_URL: ${{ needs.start_exercise.outputs.issue-url }} + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Get response templates + uses: actions/checkout@v4 + with: + repository: skills/exercise-toolkit + path: exercise-toolkit + ref: v0.5.0 + + - name: Build comment - add step content + id: build-comment + uses: skills/action-text-variables@v2 + with: + template-file: ${{ env.STEP_1_FILE }} + template-vars: | + login: ${{ github.actor }} + full_repo_name: ${{ github.repository }} + + - name: Create comment - add step content + run: | + gh issue comment "$ISSUE_URL" \ + --body "$ISSUE_BODY" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + ISSUE_BODY: ${{ steps.build-comment.outputs.updated-text }} + + - name: Create comment - watching for progress + run: | + gh issue comment "$ISSUE_URL" \ + --body-file "exercise-toolkit/markdown-templates/step-feedback/watching-for-progress.md" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Enable next step workflow + run: | + gh workflow enable "Step 1" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/0-welcome.yml b/.github/workflows/0-welcome.yml deleted file mode 100644 index df06d1d..0000000 --- a/.github/workflows/0-welcome.yml +++ /dev/null 
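Review bot: This workflow pins `skills/exercise-toolkit` to `v0.5.0` in both the reusable `start-exercise.yml` call and the `ref:` of the templates checkout, while Steps 1 to 4 use `v0.6.0`; mixing toolkit versions across one exercise is a maintenance hazard (the two releases may expect different issue or template layouts), so align on v0.6.0. Separately, every `uses:` here is pinned by a mutable tag (`actions/checkout@v4`, `skills/action-text-variables@v2`, `@v0.5.0`) and the job runs with `contents: write`, `actions: write` and `issues: write`; for a workflow this privileged, pinning by full commit SHA with the tag in a trailing comment (`uses: actions/checkout@<sha> # v4`) is the usual hardening and replaces the Dependabot coverage this PR removes.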
@@ -1,66 +0,0 @@ -name: Step 0, Welcome - -# This step triggers after the learner creates a new repository from the template. -# This workflow updates from step 0 to step 1. - -# This will run every time we create push a commit to `main`. -# Reference: https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows -on: - workflow_dispatch: - push: - branches: - - main - -# Reference: https://docs.github.com/en/actions/security-guides/automatic-token-authentication -permissions: - # Need `contents: read` to checkout the repository. - # Need `contents: write` to update the step metadata. - contents: write - -jobs: - # Get the current step to only run the main job when the learner is on the same step. - get_current_step: - name: Check current step number - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - id: get_step - run: | - echo "current_step=$(cat ./.github/steps/-step.txt)" >> $GITHUB_OUTPUT - outputs: - current_step: ${{ steps.get_step.outputs.current_step }} - - on_start: - name: On start - needs: get_current_step - - # We will only run this action when: - # 1. This repository isn't the template repository. - # 2. The step is currently 0. - # Reference: https://docs.github.com/en/actions/learn-github-actions/contexts - # Reference: https://docs.github.com/en/actions/learn-github-actions/expressions - if: >- - ${{ !github.event.repository.is_template - && needs.get_current_step.outputs.current_step == 0 }} - - # We'll run Ubuntu for performance instead of Mac or Windows. - runs-on: ubuntu-latest - - steps: - # We'll need to check out the repository so that we can edit the README. - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 # Let's get all the branches. - - # TBD-course-set-up - - # In README.md, switch step 0 for step 1. 
- - name: Update to step 1 - uses: skills/action-update-step@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - from_step: 0 - to_step: 1 - branch_name: tbd-branch-name diff --git a/.github/workflows/1-enable-codeql.yml b/.github/workflows/1-enable-codeql.yml deleted file mode 100644 index e34aa7b..0000000 --- a/.github/workflows/1-enable-codeql.yml +++ /dev/null 
@@ -1,68 +0,0 @@ -name: Step 1, Enable CodeQL - -# This step triggers after enabling codeql. -# This workflow updates from step 1 to step 2. - -# This will run every time we enable codeql. -# Reference: https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows -on: - workflow_dispatch: - # Add events that trigger this workflow. - workflow_run: - workflows: [CodeQL] - types: - - in_progress - -# Reference: https://docs.github.com/en/actions/security-guides/automatic-token-authentication -permissions: - # Need `contents: read` to checkout the repository. - # Need `contents: write` to update the step metadata. - contents: write - -jobs: - # Get the current step to only run the main job when the learner is on the same step. - get_current_step: - name: Check current step number - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - id: get_step - run: | - echo "current_step=$(cat ./.github/steps/-step.txt)" >> $GITHUB_OUTPUT - outputs: - current_step: ${{ steps.get_step.outputs.current_step }} - - on_enable-codeql: - name: On enable codeql - needs: get_current_step - - # We will only run this action when: - # 1. This repository isn't the template repository. - # 2. The step is currently 1. - # Reference: https://docs.github.com/en/actions/learn-github-actions/contexts - # Reference: https://docs.github.com/en/actions/learn-github-actions/expressions - if: >- - ${{ !github.event.repository.is_template - && needs.get_current_step.outputs.current_step == 1 }} - - # We'll run Ubuntu for performance instead of Mac or Windows. - runs-on: ubuntu-latest - - steps: - # We'll need to check out the repository so that we can edit the README. - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 # Let's get all the branches. - - # enable-codeql-additional-steps - - # In README.md, switch step 1 for step 2. 
- - name: Update to step 2 - uses: skills/action-update-step@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - from_step: 1 - to_step: 2 - branch_name: tbd-branch-name diff --git a/.github/workflows/1-step.yml b/.github/workflows/1-step.yml new file mode 100644 index 0000000..23d48ab --- /dev/null +++ b/.github/workflows/1-step.yml 
@@ -0,0 +1,75 @@ +name: Step 1 + +on: + workflow_run: + workflows: [CodeQL] + types: + - in_progress + +permissions: + contents: read + actions: write + issues: write + +env: + STEP_2_FILE: ".github/steps/2-step.md" + +jobs: + find_exercise: + name: Find Exercise Issue + uses: skills/exercise-toolkit/.github/workflows/find-exercise-issue.yml@v0.6.0 + + post_next_step_content: + name: Post next step content + needs: [find_exercise] + runs-on: ubuntu-latest + env: + ISSUE_URL: ${{ needs.find_exercise.outputs.issue-url }} + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Get response templates + uses: actions/checkout@v4 + with: + repository: skills/exercise-toolkit + path: exercise-toolkit + ref: v0.6.0 + + - name: Build message - step finished + id: build-message-step-finish + uses: skills/action-text-variables@v2 + with: + template-file: exercise-toolkit/markdown-templates/step-feedback/step-finished-prepare-next-step.md + template-vars: | + next_step_number: 2 + + - name: Update comment - step finished + run: | + gh issue comment "$ISSUE_URL" \ + --body "$ISSUE_BODY" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + ISSUE_BODY: ${{ steps.build-message-step-finish.outputs.updated-text }} + + - name: Create comment - add step content + run: | + gh issue comment "$ISSUE_URL" \ + --body-file "$STEP_2_FILE" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Create comment - watching for progress + run: | + gh issue comment "$ISSUE_URL" \ + --body-file exercise-toolkit/markdown-templates/step-feedback/watching-for-progress.md + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Disable current workflow and enable next one + run: | + gh workflow disable "Step 1" + gh workflow enable "Step 2" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/2-review-and-triage-codeql-alerts.yml b/.github/workflows/2-review-and-triage-codeql-alerts.yml deleted file mode 100644 index 2cb3c37..0000000 
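Review bot: The trigger `workflow_run: workflows: [CodeQL] types: [in_progress]` marks "Enable CodeQL" complete the moment a CodeQL run starts, not when it succeeds, so a scan that fails still advances the learner to Step 2 with nothing actually analysed. Triggering on `completed` and gating `find_exercise` with `if: github.event.workflow_run.conclusion == 'success'` makes the step reflect a working scan at the cost of a slightly longer wait. Minor: the step named "Update comment - step finished" runs `gh issue comment`, which creates a new comment rather than editing one; rename it to match the other "Create comment" steps.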
--- a/.github/workflows/2-review-and-triage-codeql-alerts.yml +++ /dev/null 
@@ -1,66 +0,0 @@ -name: Step 2, review-and-triage-codeql-alerts - -# This step triggers after submitting a new issues after review and triage. -# This workflow updates from step 2 to step 3. - -# This will run every time we review-and-triage-codeql-alerts-event-desc. -# Reference: https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows -on: - workflow_dispatch: - # Add events that trigger this workflow. - issues: - types: [opened] - -# Reference: https://docs.github.com/en/actions/security-guides/automatic-token-authentication -permissions: - # Need `contents: read` to checkout the repository. - # Need `contents: write` to update the step metadata. - contents: write - -jobs: - # Get the current step to only run the main job when the learner is on the same step. - get_current_step: - name: Check current step number - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - id: get_step - run: | - echo "current_step=$(cat ./.github/steps/-step.txt)" >> $GITHUB_OUTPUT - outputs: - current_step: ${{ steps.get_step.outputs.current_step }} - - on_review-and-triage-codeql-alerts-event: - name: On review and triage codeql alerts - needs: get_current_step - - # We will only run this action when: - # 1. This repository isn't the template repository. - # 2. The step is currently 2. - # Reference: https://docs.github.com/en/actions/learn-github-actions/contexts - # Reference: https://docs.github.com/en/actions/learn-github-actions/expressions - if: >- - ${{ !github.event.repository.is_template - && needs.get_current_step.outputs.current_step == 2 }} - - # We'll run Ubuntu for performance instead of Mac or Windows. - runs-on: ubuntu-latest - - steps: - # We'll need to check out the repository so that we can edit the README. - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 # Let's get all the branches. - - # review-and-triage-codeql-alerts-additional-steps - - # In README.md, switch step 2 for step 3. 
- - name: Update to step 3 - uses: skills/action-update-step@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - from_step: 2 - to_step: 3 - branch_name: tbd-branch-name diff --git a/.github/workflows/2-step.yml b/.github/workflows/2-step.yml new file mode 100644 index 0000000..0fe048d --- /dev/null +++ b/.github/workflows/2-step.yml 
@@ -0,0 +1,75 @@ +name: Step 2 + +on: + workflow_run: + workflows: [CodeQL] + types: + - in_progress + +permissions: + contents: read + actions: write + issues: write + +env: + STEP_3_FILE: ".github/steps/3-step.md" + +jobs: + find_exercise: + name: Find Exercise Issue + uses: skills/exercise-toolkit/.github/workflows/find-exercise-issue.yml@v0.6.0 + + post_next_step_content: + name: Post next step content + needs: [find_exercise] + runs-on: ubuntu-latest + env: + ISSUE_URL: ${{ needs.find_exercise.outputs.issue-url }} + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Get response templates + uses: actions/checkout@v4 + with: + repository: skills/exercise-toolkit + path: exercise-toolkit + ref: v0.6.0 + + - name: Build message - step finished + id: build-message-step-finish + uses: skills/action-text-variables@v2 + with: + template-file: exercise-toolkit/markdown-templates/step-feedback/step-finished-prepare-next-step.md + template-vars: | + next_step_number: 3 + + - name: Update comment - step finished + run: | + gh issue comment "$ISSUE_URL" \ + --body "$ISSUE_BODY" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + ISSUE_BODY: ${{ steps.build-message-step-finish.outputs.updated-text }} + + - name: Create comment - add step content + run: | + gh issue comment "$ISSUE_URL" \ + --body-file "$STEP_3_FILE" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Create comment - watching for progress + run: | + gh issue comment "$ISSUE_URL" \ + --body-file exercise-toolkit/markdown-templates/step-feedback/watching-for-progress.md + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Disable current workflow and enable next one + run: | + gh workflow disable "Step 2" + gh workflow enable "Step 3" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/3-fix-security-vulnerabilities.yml b/.github/workflows/3-fix-security-vulnerabilities.yml deleted file mode 100644 index 9bbcacd..0000000 
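Review bot: Step 2 fires on exactly the same event as Step 1 (any CodeQL run entering `in_progress`), but the review text in this PR says this step is about introducing and detecting a vulnerability via a pull request; as written, the next CodeQL run of any kind, including one on `main` with no findings, completes the step. Gate `find_exercise` with `if: github.event.workflow_run.event == 'pull_request'` so only a scanned PR advances the learner, and if you want to confirm detection rather than just scanning, switch to `completed` and check that the run produced open alerts before posting the Step 3 content.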
--- a/.github/workflows/3-fix-security-vulnerabilities.yml +++ /dev/null 
@@ -1,67 +0,0 @@ -name: Step 3, fix-security-vulnerabilities - -# This step triggers after fix-security-vulnerabilities-event-desc. -# This workflow updates from step 3 to step 4. - -# This will run every time we fix-security-vulnerabilities-event-desc. -# Reference: https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows -on: - workflow_dispatch: - # Add events that trigger this workflow. - push: - paths: - - server/routes.py - -# Reference: https://docs.github.com/en/actions/security-guides/automatic-token-authentication -permissions: - # Need `contents: read` to checkout the repository. - # Need `contents: write` to update the step metadata. - contents: write - -jobs: - # Get the current step to only run the main job when the learner is on the same step. - get_current_step: - name: Check current step number - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - id: get_step - run: | - echo "current_step=$(cat ./.github/steps/-step.txt)" >> $GITHUB_OUTPUT - outputs: - current_step: ${{ steps.get_step.outputs.current_step }} - - on_fix-security-vulnerabilities-event: - name: On fix security vulnerabilities - needs: get_current_step - - # We will only run this action when: - # 1. This repository isn't the template repository. - # 2. The step is currently 3. - # Reference: https://docs.github.com/en/actions/learn-github-actions/contexts - # Reference: https://docs.github.com/en/actions/learn-github-actions/expressions - if: >- - ${{ !github.event.repository.is_template - && needs.get_current_step.outputs.current_step == 3 }} - - # We'll run Ubuntu for performance instead of Mac or Windows. - runs-on: ubuntu-latest - - steps: - # We'll need to check out the repository so that we can edit the README. - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 # Let's get all the branches. - - # fix-security-vulnerabilities-additional-steps - - # In README.md, switch step 3 for step 4. 
- - name: Update to step 4 - uses: skills/action-update-step@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - from_step: 3 - to_step: 4 - branch_name: tbd-branch-name diff --git a/.github/workflows/3-step.yml b/.github/workflows/3-step.yml new file mode 100644 index 0000000..7bffe92 --- /dev/null +++ b/.github/workflows/3-step.yml 
@@ -0,0 +1,112 @@ +name: Step 3 + +on: + issue_comment: + types: [created, edited] + +permissions: + contents: read + actions: write + issues: write + +env: + STEP_3_FILE: ".github/steps/4-step.md" + +jobs: + check_keywords: + name: Check issue comment text for required keyword + runs-on: ubuntu-latest + + outputs: + result: ${{ steps.combine_checks.outputs.result }} + + steps: + - name: Check for professortocat reference + id: check_professortocat + uses: skills/action-keyphrase-checker@v1 + continue-on-error: true + with: + text: ${{ github.event.comment.body }} + keyphrase: "professortocat" + case-sensitive: false + minimum-occurrences: 1 + + - name: Check for alert reference + id: check_alert + uses: skills/action-keyphrase-checker@v1 + continue-on-error: true + with: + text: ${{ github.event.comment.body }} + keyphrase: "alert" + case-sensitive: false + minimum-occurrences: 1 + + - name: Set continue output if both checks succeeded + id: combine_checks + run: | + if [[ "${{ steps.check_professortocat.outcome }}" == "success" && "${{ steps.check_alert.outcome }}" == "success" ]]; then + echo "result=success" >> "$GITHUB_OUTPUT" + else + echo "result=fail" >> "$GITHUB_OUTPUT" + fi + + find_exercise: + needs: [check_keywords] + name: Find Exercise Issue + if: needs.check_keywords.outputs.result == 'success' + uses: skills/exercise-toolkit/.github/workflows/find-exercise-issue.yml@v0.6.0 + + post_next_step_content: + name: Post next step content + needs: [find_exercise] + runs-on: ubuntu-latest + env: + ISSUE_URL: ${{ needs.find_exercise.outputs.issue-url }} + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Get response templates + uses: actions/checkout@v4 + with: + repository: skills/exercise-toolkit + path: exercise-toolkit + ref: v0.6.0 + + - name: Build message - step finished + id: build-message-step-finish + uses: skills/action-text-variables@v2 + with: + template-file: 
exercise-toolkit/markdown-templates/step-feedback/step-finished-prepare-next-step.md + template-vars: | + next_step_number: 4 + + - name: Update comment - step finished + run: | + gh issue comment "$ISSUE_URL" \ + --body "$ISSUE_BODY" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + ISSUE_BODY: ${{ steps.build-message-step-finish.outputs.updated-text }} + + - name: Create comment - add step content + run: | + gh issue comment "$ISSUE_URL" \ + --body-file "$STEP_3_FILE" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Create comment - watching for progress + run: | + gh issue comment "$ISSUE_URL" \ + --body-file exercise-toolkit/markdown-templates/step-feedback/watching-for-progress.md + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Disable current workflow and enable next one + run: | + gh workflow disable "Step 3" + gh workflow enable "Step 4" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/4-prevent-vulnerabilities-in-the-pull-request.yml b/.github/workflows/4-prevent-vulnerabilities-in-the-pull-request.yml deleted file mode 100644 index 5e8026d..0000000 --- a/.github/workflows/4-prevent-vulnerabilities-in-the-pull-request.yml +++ /dev/null 
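Review bot: The env var is named `STEP_3_FILE` but points at `.github/steps/4-step.md`; the other workflows name the variable after the file they post (`STEP_2_FILE` in Step 1, `STEP_3_FILE` in Step 2), so rename it `STEP_4_FILE` before someone "fixes" the path instead. On the trigger: `issue_comment: [created, edited]` fires for a comment from anyone who can comment on any issue or PR in the repo, and the downstream jobs run with `actions: write` and `issues: write`. That is acceptable here only because `github.event.comment.body` flows solely into a `with:` input of `skills/action-keyphrase-checker` and never into a `run:` script (the only expressions interpolated into shell are the step `outcome` values, which are fixed strings); keep that property if the keyword check is ever inlined. Nothing compares the commented issue with the exercise issue that `find_exercise` locates, so a matching comment on an unrelated issue also advances the step; checking `github.event.issue.html_url` against `needs.find_exercise.outputs.issue-url` closes that gap.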
@@ -1,66 +0,0 @@ -name: Step 4, prevent-vulnerabilities-in-the-pull-request - -# This step triggers after prevent-vulnerabilities-in-the-pull-request-event-desc. -# This workflow updates from step 4 to step 5. - -# This will run every time we prevent-vulnerabilities-in-the-pull-request-event-desc. -# Reference: https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows -on: - workflow_dispatch: - # Add events that trigger this workflow - pull_request: - types: opened - -# Reference: https://docs.github.com/en/actions/security-guides/automatic-token-authentication -permissions: - # Need `contents: read` to checkout the repository. - # Need `contents: write` to update the step metadata. - contents: write - -jobs: - # Get the current step to only run the main job when the learner is on the same step. - get_current_step: - name: Check current step number - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - id: get_step - run: | - echo "current_step=$(cat ./.github/steps/-step.txt)" >> $GITHUB_OUTPUT - outputs: - current_step: ${{ steps.get_step.outputs.current_step }} - - on_prevent-vulnerabilities-in-the-pull-request-event: - name: On prevent vulnerabilities in the pull request - needs: get_current_step - - # We will only run this action when: - # 1. This repository isn't the template repository. - # 2. The step is currently 4. - # Reference: https://docs.github.com/en/actions/learn-github-actions/contexts - # Reference: https://docs.github.com/en/actions/learn-github-actions/expressions - if: >- - ${{ !github.event.repository.is_template - && needs.get_current_step.outputs.current_step == 4 }} - - # We'll run Ubuntu for performance instead of Mac or Windows. - runs-on: ubuntu-latest - - steps: - # We'll need to check out the repository so that we can edit the README. - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 # Let's get all the branches. 
- - # prevent-vulnerabilities-in-the-pull-request-additional-steps - - # In README.md, switch step 4 for step 5. - - name: Update to step 5 - uses: skills/action-update-step@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - from_step: 4 - to_step: X - branch_name: tbd-branch-name diff --git a/.github/workflows/4-step.yml b/.github/workflows/4-step.yml new file mode 100644 index 0000000..630e5ef --- /dev/null +++ b/.github/workflows/4-step.yml @@ -0,0 +1,59 @@ +name: Step 4 + +on: + workflow_run: + workflows: [CodeQL] + types: + - completed + +permissions: + contents: write + actions: write + issues: write + +env: + REVIEW_FILE: ".github/steps/x-review.md" + +jobs: + find_exercise: + name: Find Exercise Issue + uses: skills/exercise-toolkit/.github/workflows/find-exercise-issue.yml@v0.6.0 + + post_review_content: + name: Post review content + needs: [find_exercise] + runs-on: ubuntu-latest + env: + ISSUE_URL: ${{ needs.find_exercise.outputs.issue-url }} + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Create comment - add step content + run: | + gh issue comment "$ISSUE_URL" \ + --body-file "$REVIEW_FILE" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + finish_exercise: + name: Finish Exercise + needs: [find_exercise, post_review_content] + uses: skills/exercise-toolkit/.github/workflows/finish-exercise.yml@v0.6.0 + with: + issue-url: ${{ needs.find_exercise.outputs.issue-url }} + + disable_workflow: + name: Disable this workflow + needs: [find_exercise, post_review_content] + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Disable current workflow + run: gh workflow disable "${{github.workflow}}" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/5-tbd.yml b/.github/workflows/5-tbd.yml deleted file mode 100644 index 08e34ff..0000000 --- a/.github/workflows/5-tbd.yml +++ /dev/null 
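Review bot: In the new `4-step.yml`, `workflow_run ... types: [completed]` with no conclusion check means a failed CodeQL run also posts the review and finishes the exercise, and nothing verifies the outcome the step text promises ("There should be no open alerts"). Gate `find_exercise` with `if: github.event.workflow_run.conclusion == 'success'`, and in `post_review_content` query `gh api "repos/$GITHUB_REPOSITORY/code-scanning/alerts?state=open"` (requires `security-events: read` on the token) and only post the review when it returns an empty list. Separately, this workflow asks for `contents: write` where Steps 1 to 3 use `contents: read`; unless `finish-exercise.yml@v0.6.0` documents a need for it, drop it to `read`.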
@@ -1,65 +0,0 @@ -name: Step 5, TBD-step-5-name - -# This step triggers after TBD-step-5-event-desc. -# This workflow updates from step 5 to step X. - -# This will run every time we TBD-step-5-event-desc. -# Reference: https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows -on: - workflow_dispatch: - # Add events that trigger this workflow. - # TBD-step-5-event: - -# Reference: https://docs.github.com/en/actions/security-guides/automatic-token-authentication -permissions: - # Need `contents: read` to checkout the repository. - # Need `contents: write` to update the step metadata. - contents: write - -jobs: - # Get the current step to only run the main job when the learner is on the same step. - get_current_step: - name: Check current step number - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - id: get_step - run: | - echo "current_step=$(cat ./.github/steps/-step.txt)" >> $GITHUB_OUTPUT - outputs: - current_step: ${{ steps.get_step.outputs.current_step }} - - on_TBD-step-5-event: - name: On TBD-step-5-event - needs: get_current_step - - # We will only run this action when: - # 1. This repository isn't the template repository. - # 2. The step is currently 5. - # Reference: https://docs.github.com/en/actions/learn-github-actions/contexts - # Reference: https://docs.github.com/en/actions/learn-github-actions/expressions - if: >- - ${{ !github.event.repository.is_template - && needs.get_current_step.outputs.current_step == 5 }} - - # We'll run Ubuntu for performance instead of Mac or Windows. - runs-on: ubuntu-latest - - steps: - # We'll need to check out the repository so that we can edit the README. - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 # Let's get all the branches. - - # TBD-step-5-additional-steps - - # In README.md, switch step 5 for step X. 
- - name: Update to step X - uses: skills/action-update-step@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - from_step: 5 - to_step: X - branch_name: tbd-branch-name diff --git a/Pipfile.lock b/Pipfile.lock index fa7fe60..f84ac15 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -56,7 +56,7 @@ ], "index": "pypi", "markers": "python_version >= '3.7'", - "version": "==3.1.4" + "version": "==3.1.6" }, "markupsafe": { "hashes": [ diff --git a/README.md b/README.md index f607bf5..a281e45 100644 --- a/README.md +++ b/README.md @@ -1,76 +1,40 @@ -
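Review bot: The Pipfile.lock hunk is a one-line hand edit of a `version` field (`==3.1.4` to `==3.1.6`); the package's `hashes` list closes just above the hunk (`],` is the first context line) and no other hunk in this diff touches the file, so the lock now declares 3.1.6 against the 3.1.4 hashes and `pipenv sync` or `pipenv install --deploy` will fail hash checking. Regenerate with `pipenv lock` (or `pipenv update <package>`) so the version and hashes move together, and include the package's name in the PR description since the hunk context does not show it.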
- - - # Enable CodeQL to secure your source code -_Ensuring the security of application source code is a critical step in modern software development. In this GitHub Skills course, you will learn to use GitHub code scanning to identify, resolve, and prevent insecure coding patterns._ - -
- - +_Learn to identify, resolve, and prevent insecure coding patterns._ ## Welcome -_Welcome to "Introduction to CodeQL"! :wave:_ - -In this course, we will explore using GitHub code scanning, powered by [CodeQL](https://codeql.github.com/), to identify common coding practices that can lead to security vulnerabilities. During this course, we will enable code scanning on your repository to identify, remediate, and prevent vulnerabilities. - -Code scanning is part of the [GitHub Advanced Security (GHAS)](https://docs.github.com/en/get-started/learning-about-github/about-github-advanced-security) product suite. All of the features of Advanced Security are 100% free for open source, public repositories. - - **Who is this for**: Developers, security engineers, open source maintainers. -- **What you'll learn**: We'll show you how to enable code scanning and identify SQL injection vulnerabilities with CodeQL. -- **What you'll build**: A secure software development pipeline that allows you to identify and prevent new security vulnerabilities from being introduced into your production code. -- **Prerequisites**: In this course, you'll need a baseline knowledge of GitHub concepts such as pull requests, GitHub Actions, and source code. You'll also need to be familiar with the concepts of Static Application Security Testing (SAST). Don't worry, we'll demistify the complex parts for you πŸ™‚. -- **How long**: This course is four steps long and takes less than 30 minutes to complete. +- **What you'll learn**: How to enable code scanning to identify typical vulnerabilities like SQL injection, review alerts, and take action to fix them. +- **What you'll build**: An automated process to identify existing vulnerabilities and prevent future vulnerabilities in production code. +- **Prerequisites**: + - [Introduction to GitHub](https://github.com/skills/introduction-to-github) +- **How long**: Less than 30 minutes. 
-## How to start this course +### How to start this exercise - +Simply copy the exercise to your account, then give your favorite Octocat (Mona) **about 20 seconds** to prepare the first lesson, then **refresh the page**. -[![start-course](https://user-images.githubusercontent.com/1221423/235727646-4a590299-ffe5-480d-8cd5-8194ea184546.svg)](https://github.com/new?template_owner=skills&template_name=introduction-to-codeql&owner=%40me&name=skills-introduction-to-codeql&description=GitHub+Skills:+Introduction+to+CodeQL&visibility=public) +[![](https://img.shields.io/badge/Copy%20Exercise-%E2%86%92-1f883d?style=for-the-badge&logo=github&labelColor=197935)](https://github.com/new?template_owner=skills-dev&template_name=introduction-to-codeql&owner=%40me&name=skills-introduction-to-codeql&description=Exercise:+Introduction+to+CodeQL&visibility=public) -1. Right-click **Start course** and open the link in a new tab. -2. In the new tab, most of the prompts will automatically fill in for you. - - For owner, choose your personal account or an organization to host the repository. - - We recommend creating a public repository, as private repositories will [use Actions minutes](https://docs.github.com/en/billing/managing-billing-for-github-actions/about-billing-for-github-actions). - - Scroll down and click the **Create repository** button at the bottom of the form. -3. After your new repository is created, wait about 20 seconds, then refresh the page. Follow the step-by-step instructions in the new repository's README. +
+Having trouble? 🀷
-
+ +--- - +© 2025 GitHub • [Code of Conduct](https://www.contributor-covenant.org/version/2/1/code_of_conduct/code_of_conduct.md) • [MIT License](https://gh.io/mit) diff --git a/images/additiona-information.png b/images/additiona-information.png deleted file mode 100644 index 47034e7..0000000 Binary files a/images/additiona-information.png and /dev/null differ diff --git a/images/alert-status.png b/images/alert-status.png deleted file mode 100644 index 75d2006..0000000 Binary files a/images/alert-status.png and /dev/null differ diff --git a/images/audit-trail.png b/images/audit-trail.png deleted file mode 100644 index 732c00c..0000000 Binary files a/images/audit-trail.png and /dev/null differ diff --git a/images/codeql-default-configuration-box.png b/images/codeql-default-configuration-box.png deleted file mode 100644 index e438832..0000000 Binary files a/images/codeql-default-configuration-box.png and /dev/null differ diff --git a/images/codeql-setup.png b/images/codeql-setup.png deleted file mode 100644 index 487f73a..0000000 Binary files a/images/codeql-setup.png and /dev/null differ diff --git a/images/edit-button.png b/images/edit-button.png deleted file mode 100644 index 9379968..0000000 Binary files a/images/edit-button.png and /dev/null differ diff --git a/images/enable-code-scanning-default.png b/images/enable-code-scanning-default.png deleted file mode 100644 index d1ffd75..0000000 Binary files a/images/enable-code-scanning-default.png and /dev/null differ diff --git a/images/location-information.png b/images/location-information.png deleted file mode 100644 index 92f0d78..0000000 Binary files a/images/location-information.png and /dev/null differ diff --git a/images/one-closed-alert.png b/images/one-closed-alert.png deleted file mode 100644 index f93b104..0000000 Binary files a/images/one-closed-alert.png and /dev/null differ 
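Review bot: The new "Copy Exercise" badge links to `template_owner=skills-dev`, whereas the removed "Start course" button used `template_owner=skills`; if `skills-dev` is the staging org, this must be switched back before release or learners will fork the development template. Also, the removed README told learners to create a public repository because private repositories consume Actions minutes; that guidance was dropped and the new "Having trouble?" block has no body in this hunk to carry it, so either restore the sentence or confirm the shared "copy exercise" template covers it.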
diff --git a/images/pr-panel.png b/images/pr-panel.png deleted file mode 100644 index 3fca9fb..0000000 Binary files a/images/pr-panel.png and /dev/null differ diff --git a/images/recommendations.png b/images/recommendations.png deleted file mode 100644 index 97b22a0..0000000 Binary files a/images/recommendations.png and /dev/null differ diff --git a/images/vulnerabilities-alert-code-scanning.png b/images/vulnerabilities-alert-code-scanning.png deleted file mode 100644 index 15a85e0..0000000 Binary files a/images/vulnerabilities-alert-code-scanning.png and /dev/null differ diff --git a/server/routes.py b/server/routes.py index 67a18af..c9f745f 100644 --- a/server/routes.py +++ b/server/routes.py @@ -13,13 +13,14 @@ def index(): if name: cursor.execute( - "SELECT * FROM books WHERE name LIKE '%" + name + "%'" + "SELECT * FROM books WHERE name LIKE %s", name ) books = [Book(*row) for row in cursor] elif author: cursor.execute( - "SELECT * FROM books WHERE author LIKE '%" + author + "%'" + "SELECT * FROM books WHERE author LIKE %s", author + ) books = [Book(*row) for row in cursor]
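Review bot: The routes.py fix removes the injection by replacing concatenation with a `%s` placeholder, but it also changes behaviour: the old queries were `LIKE '%" + name + "%'` (substring match) and the new ones are `LIKE %s` with the raw value, so a search for `Dune` now matches only a book whose name is exactly `Dune`. Pass the wildcarded value as the parameter instead, `"SELECT * FROM books WHERE name LIKE %s", ("%" + name + "%",)`, and likewise for `author`; the tuple matters too, because DB-API `execute` takes a sequence or mapping of parameters and some drivers iterate a bare string character by character. Note that user-supplied `%` and `_` inside the value still act as wildcards within the pattern; if exact substring semantics are required, escape them and add an `ESCAPE` clause. The `author` branch also gains a `+        )` line that the `name` branch did not need, which suggests the two `execute` calls were not parenthesised the same way before; worth a glance at the file to confirm both branches read identically now.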