GitHub Advanced Security Certification
Continuing through the different GitHub Certifications, I next attempted the Advanced Security exam. This learning path was great and explained a few things I had been seeing in my own repo. One day, I started to receive Dependabot alerts about the Application Consent Phishing Sample repo I had as part of my SANS white paper. Since this was just a test demo application, I wasn’t too worried about the alerts. However, after going through the course, I started to feel bad that I hadn’t updated this or added some additional security settings like secret scanning or code scanning.
I enabled the additional security protections on this repo and fixed the outdated libraries, which cleared the Dependabot alerts. I took the exam and passed. After fixing my own repos, the learning path content made a lot more sense. I would recommend folks do the same for their GitHub environments even if they aren’t going to take the exam. It was worth it. You can see the before and after pictures of my repo.
[Image: Alerts]
[Image: No More Alerts]