DevOps and Beyond

VSW11 A Lap Around GitHub Advanced Security

11/17/2021

4:00pm - 5:15PM

Level: Introductory to Intermediate

Colin Dembovsky

DevOps Practice Lead and DevOpsologist

Cognizant

Security doesn't have to be hard - especially when it's built into your DevOps platform! In this session, you'll see what tools are available in the GitHub Advanced Security suite and how you can "shift left" on security. See how Dependabot automatically scans your repos to detect vulnerabilities in your package dependencies. You'll also see how to create a custom CodeQL query and how you can integrate custom queries into your CI/CD pipelines.

You will learn:

  • About GitHub Advanced Security tooling
  • How to configure Dependabot dependency scanning
  • How to integrate CodeQL scans into your Actions workflows