Securing your workflows

Learn security best practices and keep your project’s contributions—and contributors—safe.

Start Securing your workflows Join 1756 others!

This course will show you how to build, host, and maintain a secure repository on GitHub. By following simple security best practices, you can rest easy knowing your project is secure for contributors and contributions today and in the future.

Collaboration is key to building great software. As you welcome more contributions, keeping your project secure becomes more important than ever.

In this course, you’ll learn how to:

  • Enable security features for repositories hosted in GitHub
  • Detect vulnerable dependencies in repositories when notified by GitHub's security alerts
  • Utilize best practices to keep sensitive data out of repositories

This course has a dedicated message board on the GitHub Community Forum. Create a post to start a conversation, discuss this course with GitHub Trainers and participants, or troubleshoot any issues you encounter.

Steps to complete this course 6
  1. Enable repository settings

    Enable settings in your repository for the next activities.

  2. Find the vulnerable dependency

    Find the vulnerable dependency, and comment with the suggested update version.

  3. Update the dependency version

    Edit the file in the pull request to update the dependency.

  4. Merge your pull request

    Merge the pull request you've opened to update the vulnerability dependency.

  5. Add to the `.gitignore` file

    The `.gitignore` file is ready to be edited in an open pull request. Add the `.env` file to the `.gitignore` file.

  6. Merge the pull request

    Merge the second pull request with updates to the `.gitignore` file.

Share Securing your workflows
Average time to complete

19 minutes


All public courses on Learning Lab are free.

Latest release

Learning Paths that include this course

Users who took this course also took

Ready to start learning?