GitHub Advanced Security Code Security

Overview

In this interactive session, GitHub’s experts will guide participants through practical labs and exercises, enabling engineers to immediately apply GitHub Code Security features within their repositories.

Participants will gain hands-on experience integrating code scanning seamlessly into developer workflows, addressing vulnerabilities quickly with Copilot Autofix, and managing security campaigns, ultimately enhancing both security and developer productivity.

Code Security can be configured in several ways, and the session will highlight those options, as well as GitHub’s recommendation based on previous rollouts and best practices.

This offering is targeted at security teams and security champions who have to configure the tool, rather than those who just have to respond to the alerts.

Topics

  • GitHub Advanced Security and GitHub Code Security features and benefits overview
  • CodeQL deep dive: How it works, sample use cases, configuration, CodeQL CLI
  • Analyzing monorepos with CodeQL
  • Using Copilot Autofix to quickly remediate code scanning findings with AI
  • Viewing and managing security campaigns

Customer benefits

This offering will help customers:

  • Enable developers, security teams, and security champions to quickly and effectively integrate GitHub code scanning into their repositories and organizations
  • Enhance developer productivity through seamless integration of code scanning and Copilot Autofix into workflows
  • Empower security champions to manage code scanning alerts, use Copilot Autofix, and create security campaigns

Learning objectives

After completing this training, learners will be able to:

  • Enable CodeQL analysis within GitHub Actions to perform static analysis for commonly used languages
  • Configure GitHub Actions to trigger CodeQL analysis both on a schedule and in response to a pull request
  • Understand, triage, and remediate reported vulnerabilities with the Code Scanning user interface
  • Configure CodeQL to improve the quality of results
  • Integrate common third-party tools into Code Scanning via GitHub Actions
  • Conduct static analysis scans with the CodeQL CLI locally, in GitHub Actions, and in third-party CI/CD tools
  • Scan monorepos with CodeQL

Audience

Required:

  • Application security teams
  • Security champions

Optional:

  • Influential senior developers and leaders

Delivery details

  • Level: Intermediate [200]
  • Offering type: Training
  • Format: Remote
  • Class size: 16 participants maximum

Customer prerequisites

Before this training, the customer needs to have in place:

  • GitHub Code Security licenses
  • An active GitHub.com account for each attendee (NOT their EMU or GHES account)

How can we help?

Let's build a customized solution that meets all of your needs.
