Software supply chain attacks and secrets leakages are still one of the biggest threat vectors for software companies. But supply chain security does not have to be a burden and slow down development! With GitHub Advanced Security (GHAS) you can incorporate security into your development process with a developer first mindset.

This hands-on workshop is designed for developers that want to improve their security posture by giving them practical exercises to get to know GHAS.

The workshop covers:

- Dependency graph, dependabot, and dependency review
- Secret scanning and push protection
- Code scanning and pull request integration
- Include other security tools in GHAS
- CodeQL and writing custom queries
- Rolling out GHAS in your organization

Target audience
This hands-on workshop is designed for developers that want to improve their security posture by giving them practical exercises to get to know GHAS. This is an advanced GitHub topic. We assume that participants have a basic understanding of git, GitHub and GitHub Actions.

Prerequisites
- A laptop (Windows, Mac, or Linux)
- A free account for https://github.com
- A text editor of choice (Visual Studio Code, VIM, Atom, Notepad++ or similar)
- Git in a current version (>2.23, on Windows with Git-Bash for beginners)