GitHub Advanced Security for Azure DevOps Workshop
Duration
Half-day
Description
This course provides a comprehensive introduction to code security, focusing on the tools and practices essential for safeguarding software development projects. Participants will gain a deep understanding of GitHub and Azure DevOps, with a focus on GitHub Advanced Security and Microsoft Defender for Cloud. The course covers licensing, pricing, and features, offering insights into the integration of these tools for robust code protection. Practical sessions will include secret scanning, dependency scanning, and code scanning, along with the use of Azure Pipelines for automating security tasks. By the end of the course, participants will be equipped with the knowledge to implement advanced security measures in their development workflows.
Objectives
- Understand the fundamentals of code security and its importance in software development.
- Explore the functionalities and features of GitHub and Azure DevOps as key tools in code security.
- Learn about GitHub Advanced Security and its role in protecting code repositories.
- Gain insights into Microsoft Defender for Cloud and its integration with development platforms.
- Compare licensing and pricing models for GitHub Advanced Security, Azure DevOps, and Microsoft Defender for Cloud.
- Apply advanced security practices such as secret scanning, dependency scanning, and code scanning.
- Utilize Azure Pipelines to automate security tasks and integrate advanced security tools.
- Review real-world applications of code security tools and explore next steps for continuous security improvement.
Prerequisites
No prior experience is required, but basic knowledge of Azure DevOps and GitHub is recommended.
Training Materials
All students receive comprehensive courseware covering all topics in the workshop.
Software Requirements
No software is required for this workshop. If students have access to GitHub Advanced Security and Azure DevOps, they can follow along with the demonstrations.
Outline
- Overview of Code Security
- What is Code Security?
- What is GitHub?
- What is Azure DevOps?
- What is GitHub Advanced Security?
- What is Microsoft Defender for Cloud?
- GitHub Advanced Security
- Licensing
- Pricing
- Features
- Integrations
- Review of Usage in GitHub (optional)
- Azure DevOps
- Licensing
- Pricing
- Features
- Manage Source Code in Repos
- Enable GitHub Advanced Security
- Microsoft Defender for Cloud
- Licensing
- Pricing
- Features
- Integrate with Azure DevOps
- Integrate with GitHub (optional)
- Advanced Security in Practice
- Secret Scanning
- Dependency Scanning
- Code Scanning
- Security Advisories
- Alerts
- Assign Security Issues with Microsoft Defender for Cloud
- Azure Pipelines
- Advanced Security Tasks
- Dependency Scanning Tasks
- Code Scanning Tasks
- CodeQL Queries
- Conclusion
- Summary of Key Concepts
- Q&A
- Further Resources and Next Steps