Introduction
Software security is always important, and it spans the entire software-development lifecycle. Focus is often dedicated towards writing secure code and locking down infrastructure. It's also important to protect the processes that occur during every stage of the software-development lifecycle.
Suppose you're managing an important GitHub repository. You want to enforce the highest level of security, but also want to offer a welcoming experience for contributors. Unfortunately, being secure often introduces friction that obstructs everyone's productivity. To mitigate this overhead, GitHub offers various automated features that allow you to efficiently administer a secure repository without slowing everyone down throughout the entire development process.
Learning objectives
In this module, you'll:
- Recognize the importance of securing your repository and shifting left in the development lifecycle.
- Identify the tools, GitHub features, and best practices to establish a secure development strategy.
- Keep sensitive files out of your repository by applying the use of a
.gitignore
file. - Identify how to detect and fix outdated dependencies with security vulnerabilities.
- Recognize advanced security features such as code scanning and secret scanning.
Prerequisites
- A GitHub account
- The ability to navigate and edit files in GitHub