On September 1, 2022, GitHub Learning Lab will shut down.
Read more on the GitHub blog and check out GitHub Skills for courses backed by GitHub Actions.
See an up-to-date option for this page.

Securing your workflows

Learn security best practices and keep your project’s contributions—and contributors—safe.

Start free course Join 6133 others!

social preview

This course will show you how to build, host, and maintain a secure repository on GitHub. By following simple security best practices, you can rest easy knowing your project is secure for contributors and contributions today and in the future.

Collaboration is key to building great software. As you welcome more contributions, keeping your project secure becomes more important than ever.

What you'll learn

In this course, you’ll learn how to:

  • Enable security features for repositories hosted in GitHub
  • Detect vulnerable dependencies in repositories when notified by GitHub's security alerts
  • Utilize best practices to keep sensitive data out of repositories

You'll be able to answer questions like:

  • How do I protect my open-source project?
  • What should I keep out of my GitHub repository?
  • How do I keep sensitive data out of my repository?
  • How do I keep track of package vulnerabilities?

What you'll build

Our Octocat memory game is a fun simple project for you to work with as you learn security strategies.

Screenshot_2020-02-25 Octocat Memory Game

What you need to know

We assume you know GitHub concepts before you start this course. If you need a review, try out Introduction to GitHub. We assume you understand what a package and package manager or dependency manager is.

What we'll use

This project can use GitHub pages to host the memory game. The game uses some minimal JavaScript and CSS. You don't need to work with either in this course. You won't need to do anything outside of the GitHub interface for this course.

Who this is for

This is a great course for anyone who has a GitHub repository, public or private. These practices will help keep your project safe. This is also a great course for anyone who wants to start a new project on GitHub.

Steps to complete this course 6
  1. Enable repository settings

    Enable settings in your repository for the next activities.

  2. Find the vulnerable dependency

    Find the vulnerable dependency, and comment with the suggested update version.

  3. Update the dependency version

    Edit the file in the pull request to update the dependency.

  4. Merge your pull request

    Merge the pull request you've opened to update the vulnerability dependency.

  5. Add to the `.gitignore` file

    The .gitignore file is ready to be edited in an open pull request. Add the .env file to the .gitignore file.

  6. Merge the pull request

    Merge the second pull request with updates to the .gitignore file.

Share Securing your workflows
Average time to complete

20 minutes


All public courses on Learning Lab are free.

Latest release

Learning Paths that include this course

Users who took this course also took

What is GitHub Learning Lab?

Learn new skills by completing fun, realistic projects in your very own GitHub repository.

Ready to start learning?

Start Securing your workflows