Security strategy essentials

Course repo for Learning Lab course "Security strategy essentials"

This course will show you how to build, host, and maintain a secure repository on GitHub. By following simple security best practices, you can rest easy knowing your project is secure for contributors and contributions today and in the future.

Collaboration is key to building great software. As you welcome more contributions, keeping your project secure becomes more important than ever.

In this course, you’ll learn how to:

  • Enable vulnerable dependency detection for private repositories
  • Detect and fix outdated dependencies with security vulnerabilities
  • Automate the detection of vulnerable dependencies with Dependabot
  • Add a security policy with a SECURITY.md file
  • Remove a commit exposing sensitive data in a pull request
  • Keep sensitive files out of your repository by leveraging the use of a .gitignore file
  • Remove historical commits exposing sensitive data deep in your repository

This course has a dedicated message board on the GitHub Community Forum. Create a post to start a conversation, discuss this course with GitHub Trainers and participants, or troubleshoot any issues you encounter.

Steps to complete this course: 13
  1. Enable repository settings

    Enable settings in your repository for the next activities.

  2. Find the vulnerable dependency

    Find the vulnerable dependency, and comment with the suggested update version.

  3. Update the dependency version

    Edit the file in the pull request to update the dependency.

  4. Merge your pull request

    Merge the pull request you've opened to update the vulnerable dependency.

  5. Enable Dependabot

    Install Dependabot on your repository.

  6. Add a SECURITY.md file

    Add a SECURITY.md file to your repository.

  7. Merge the SECURITY.md pull request

    Merge the pull request.

  8. Remove sensitive data in a pull request

    Remove sensitive data pushed to a pull request.

  9. Approve the pull request

    Approve the contributor's pull request.

  10. Add a `.gitignore` file

    The `.gitignore` file is ready to be edited in an open pull request. Add the `.env` file to the `.gitignore` file.

  11. Merge the pull request

    Merge the second pull request with updates to the `.gitignore` file.

  12. Find historical reference to a previous .env file

    Find the historical reference to a previously committed .env file.

  13. Remove historical reference to a previous .env file

    Remove the historical reference to a previously committed .env file.

Average time to complete

44 minutes

Free

All public courses on Learning Lab are free.
