Build secure software and strengthen DevSecOps practices with GitHub Advanced Security.

Learn how to identify vulnerabilities, protect source code, and improve software security throughout the development lifecycle using GitHub Advanced Security.

Develop practical skills in code scanning, secret scanning, dependency management, vulnerability remediation, and security monitoring to help reduce risk and support secure software delivery.

  • Why get trained: Gain hands-on experience using GitHub security capabilities to detect security issues earlier, improve code quality, strengthen software supply chain security, and support secure development practices.
  • Why it matters: As cyber threats increasingly target software supply chains and development environments, organizations need professionals who can integrate security into development workflows and proactively reduce security risks.
  • Who should attend: Developers, DevOps engineers, DevSecOps practitioners, security engineers, application security professionals, software architects, platform engineers, and IT professionals responsible for secure software development.

Prepare for the Microsoft Certified: GitHub Advanced Security certification and build the skills to embed security into modern development workflows and support resilient software delivery at scale. HRD Corp Claimable

Overview

GitHub Advanced Security (GHAS) plays a crucial role in enhancing the security posture of software development projects on GitHub. It provides a comprehensive set of tools and features designed to identify and address security vulnerabilities throughout the development lifecycle.

By integrating security directly into the development process with GHAS, your team can build more secure and reliable software. The course will explore how to utilize GHAS to maximize security impact and understand GHAS and its role in the security ecosystem.

Skills Covered

  • Introduction to GitHub Advanced Security
  • Configure Dependabot security updates on your GitHub repo
  • Configure and use secret scanning in your GitHub repository
  • Configure code scanning on GitHub
  • Identify security vulnerabilities in your codebase by using CodeQL
  • Code scanning with GitHub CodeQL
  • GitHub administration for GitHub Advanced Security
  • Manage sensitive data and security policies within GitHub

Prerequisites

Target Audience

This course in intended for students who want to understand and implement advanced security practices with the help of GitHub Advanced Security (GHAS).

They will learn how to significantly enhance software development processes and create a more resilient and secure development ecosystem using developer-first solutions to unlock the ability to keep code, supply chain, and secrets secure before you push to production. T

hey will learn how GHAS gives security teams visibility into the cross-organizational security posture and supply chain and unparalleled access to curated security intelligence from millions of developers and security researchers around the world

Course Curriculum

Module 1: Introduction to GitHub Advanced Security

This module will help you become familiar with GitHub’s Advanced Security features (GHAS) and best practices. As you learn about these features, you’ll identify critical areas for eliminating security gaps.

Learning objectives

By the end of this module, you’ll be able to:

  • Define GHAS and the importance of the integral features such as Secret scanning, Code scanning, and Dependabot
  • Know how to utilize GHAS to maximize security impact
  • Understand GHAS and its role in the security ecosystem

Prerequisites

  • A GitHub Enterprise Cloud or Enterprise Server account with GitHub Advanced Security
  • Working knowledge of GitHub Actions and workflows

Module 2: Configure Dependabot security updates on your GitHub repo

Manage your dependencies with GitHub Dependabot.

Learning objectives

By the end of this module, you’ll be able to:

  • Describe the available tools for managing vulnerable dependencies on GitHub.
  • Enable and configure Dependabot alerts.
  • Identify the permissions and roles required to view and enable Dependabot alerts.
  • Enable and configure Dependabot security updates.
  • Identify, review, and address vulnerable dependencies.
  • Explain how to use GraphQL API to retrieve vulnerability information.
  • Explain how to configure notifications for vulnerable dependencies.

Prerequisites

  • A GitHub account
  • Administrative access to a repository
  • Familiarity with managing GitHub administrative settings
  • Working knowledge of the GitHub pull request workflow

Module 3: Configure and use secret scanning in your GitHub repository

Understand how secret scanning works to configure and use it efficiently.

Learning objectives

By the end of this module, you’ll be able to:

  • Describe secret scanning.
  • Configure secret scanning.
  • Use secret scanning.

Prerequisites

  • A GitHub enterprise account with a GitHub Advanced Security license
  • Repository administrator or organization owner permissions
  • Familiarity with managing GitHub administrative settings
  • Basic knowledge of GitHub Actions

Module 4: Configure code scanning on GitHub

This module introduces you to code scanning and its features. You’ll learn how to implement code scanning using CodeQL, third party tools, and GitHub Actions.

Learning objectives

After completing this module, you’ll be able to:

  • Describe code scanning.
  • List the steps for enabling code scanning in a repository.
  • List the steps for enabling code scanning with third-party analysis.
  • Contrast how to implement CodeQL analysis in a GitHub Actions workflow versus a third-party continuous integration (CI) tool.
  • Explain how to configure code scanning on a repository using triggering events.
  • Contrast the frequency of code scanning workflows (scheduled vs triggered by events)

Prerequisites

  • A GitHub enterprise account with a GitHub Advanced Security license
  • Familiarity with managing GitHub administrative settings
  • Basic knowledge of GitHub Actions

Module 5: Identify security vulnerabilities in your codebase by using CodeQL

In this module, you learn about CodeQL and how you can use it to analyze the code in your GitHub repository and identify security vulnerabilities.

Learning objectives

By the end of this module, you’ll be able to:

  • Create a database by using CodeQL to extract a single relational representation of each source file in the codebase.
  • Run CodeQL in a database to find problems in your source code and find potential security vulnerabilities.
  • Understand CodeQL scan results by using GitHub-created queries or your own custom queries.

Prerequisites

  • Basic knowledge of GitHub Actions
  • Familiarity with GitHub code scanning
  • Administrative access to a repository
  • Familiarity with SQL, Prolog, and Datalog

Module 6: Code scanning with GitHub CodeQL

Learn how to use CodeQL, a powerful static analysis tool, to implement code scanning on GitHub.

Learning objectives

By the end of this module, you’ll be able to:

  • Understand CodeQL and how it analyzes code.
  • Understand QL, a unique logic programming language.
  • Set up CodeQL based code scanning in a GitHub repository.
  • Reference a custom CodeQL query.
  • Configure the language matrix in a CodeQL workflow.
  • Learn how to use the CodeQL CLI to generate code scanning results and upload them to GitHub.
  • Implement custom build steps.

Prerequisites

  • A GitHub enterprise account with a GitHub Advanced Security license
  • Necessary permissions to administrate your repository
  • Knowledge of GitHub Advanced Security’s code scanning feature
  • Knowledge of GitHub Actions

Module 7: GitHub administration for GitHub Advanced Security

Understand where GitHub Advanced Security fits in your software development lifecycle and how to enable and roll it out in your organization.

Learning objectives

By the end of this module, you’re able to:

  • Understand what GitHub Advanced Security is and how to use it in the software development lifecycle.
  • Identify which GitHub Advanced Security features are available for open-source projects and which are available on enterprise products.
  • Enable the different features of GitHub Advanced Security on different enterprise products.
  • Determine who should get access to GitHub Advanced Security features in an organization and grant the correct permissions.
  • Set security policies at the organization and repository levels.
  • Understand how to respond to a security alert.
  • Use the Security Overview to monitor security alerts.
  • Use the GitHub Advanced Security API endpoints to manage the GitHub Advanced Security features and alerts.

Prerequisites

  • A GitHub enterprise account with a GitHub Advanced Security license
  • Repository administrator or organization owner permissions
  • Familiarity with managing GitHub administrative settings
  • Knowledge of GitHub Actions

Module 8: Manage sensitive data and security policies within GitHub

Familiarize yourself with GitHub’s basic security tools, which prepare repositories for secure development and industry-standard response to threats.

Learning objectives

In this module, you’ll learn how to:

  • Create documentation that details security guidelines and useful information for collaborators.
  • Set permissions and other rules.
  • Automate processes that prevent security breaches.
  • Respond to security breaches.

Prerequisites

  • A GitHub Enterprise Cloud or Enterprise Server account
  • Working knowledge of GitHub Actions and workflows

Dates & Locations

Let’s make it work for you

Can’t find a date that fits? Need to train your whole team? Looking for a discount?
Speak to one of our learning experts today.

x Clear all selections

August 5, 2026 - August 5, 2026

Location: Kuala Lumpur
Modal: ILT
Availability: TBC
Exam:
RM 225
RM 1200

August 5, 2026 - August 5, 2026

Location: Online
Modal: VILT
Availability: TBC
Exam:
RM 225
RM 1200

November 25, 2026 - November 25, 2026

Location: Kuala Lumpur
Modal: ILT
Availability: TBC
Exam:
RM 225
RM 1200

November 25, 2026 - November 25, 2026

Location: Online
Modal: VILT
Availability: TBC
Exam:
RM 225
RM 1200
Trainocate exam and cert

Exam & Certification

Microsoft Certified: GitHub Advanced Security

This exam is designed for experienced professionals in the field of software development and security. This certification is designed for individuals who have a deep understanding of GitHub and its security features, as well as hands-on experience in securing software development workflows.

  • Level: Intermediate
  • Product: GitHub
  • Role: Administrator, Developer, DevOps Engineer, Solution Architect, Student
  • Subject: DevOps

Training & Certification Guide

You will have 100 minutes to complete this assessment.

Exam policy

This exam will be proctored. You may have interactive components to complete as part of this exam. To learn more about exam duration and experience, visit: Exam duration and exam experience.

If you fail a certification exam, don’t worry. You can retake it 24 hours after the first attempt. For subsequent retakes, the amount of time varies. For full details, visit: Exam retake policy.

Assessed on this exam

  • Domain 1: Describe GitHub Security Suites, Features, and Ecosystem (15–20%)
  • Domain 2: Configure and Use Secret Protection (formerly secret scanning) (15–20%)
  • Domain 3: Configure and Use Supply Chain Security (formerly Dependabot/Dependency Review) (15–20%)
  • Domain 4: Configure and Use Code Security (formerly Code Scanning with CodeQL) (10–15%)
  • Domain 5: Security Operations: Best Practices, Prioritization, and Remediation (15–20%)
  • Domain 6: GitHub Security Suites Administration (10–15%)

Candidates for this exam have experience using GitHub Advanced Security (GHAS) to secure code, secrets, and dependencies across the software development lifecycle.

They can configure security features, triage and remediate alerts, and apply prevention-first practices using policies, workflows, and automation.

Candidates are familiar with GitHub fundamentals, CI/CD, and secure development concepts.

 

Frequently Asked Questions

Speak to a Training Consultant

All courses are HRD Claimable.
Get in touch with our team via the form or WhatsApp us on +6011-5119 6631

Preferred mode of training
Checkboxes