Program Highlights
The GitHub Advanced Security Training is designed to help learners secure the software development lifecycle using GitHub Advanced Security features. The course focuses on code scanning, secret scanning, dependency management, CodeQL, security policies, and GitHub administration, helping learners identify and address security risks before code reaches production.
8-Hour LIVE Instructor-Led Training
GH-500T00-A Aligned Curriculum
Hands-on GHAS Feature Configuration
CodeQL and Code Scanning Coverage
Secret Scanning and Dependabot Coverage
Certified and Industry-Experienced Trainers
Career Guidance and One-on-One Mentorship
Flexible Schedule with Live Sessions
Post-Training Support and Recordings
Training Schedule
- upcoming classes
- corporate training
- 1 on 1 training
Looking for a customized training?
REQUEST A BATCHWhy Choose Our Corporate Training Solution
- Upskill your team on the latest tech
- Highly customized solutions
- Free Training Needs Analysis
- Skill-specific training delivery
- Secure your organizations inside-out
Why Choose 1-on-1 Training
- Get personalized attention
- Customized content
- Learn at your dedicated hour
- Instant clarification of doubt
- Guaranteed to run
About Course
InfosecTrain’s GH-500T00-A: GitHub Advanced Security Training helps learners understand, configure, and use GitHub Advanced Security to strengthen application security across the software development lifecycle. This training focuses on practical security implementation in GitHub repositories. Learners explore how GHAS helps secure code, secrets, and dependencies using developer-focused tools such as CodeQL, code scanning, secret scanning, Dependabot, dependency review, security alerts, and repository policies. Microsoft describes GHAS as a way to improve the security posture of software projects by identifying and addressing vulnerabilities throughout the development process.
The course is suitable for professionals who want to integrate security into development workflows, reduce risks before production, and prepare for the GitHub Advanced Security certification. The related certification validates the ability to secure code, secrets, and dependencies, configure security features, triage alerts, and use policies, workflows, and automation.
Course Curriculum
-
Learning Path: GitHub Advanced Security Part 1 of 2
- Module 1: Introduction to GitHub Advanced Security
- Introduction
- Define GHAS and the importance of its integral features
- How to utilize GHAS to get the most impact
- Understand GHAS and its role in the security ecosystem
- Module 2: Configure Dependabot security updates on your GitHub repo
- Introduction
- Manage your dependencies on GitHub
- Dependabot alerts
- Dependabot security updates
- Manage Dependabot notifications and reports
- Dependency review
- Exercise – Configure Dependabot security updates
- Module 3: Configure and use secret scanning in your GitHub repository
- Introduction
- What is secret scanning?
- Configure secret scanning
- Use secret scanning
- Exercise – Introduction to secret scanning
- Module 4: Configure code scanning on GitHub
- Introduction
- What is code scanning?
- Enable code scanning with third-party tools
- Configure code scanning
- Exercise – Configure code scanning
- Module 5: Identify security vulnerabilities in your codebase by using CodeQL
- Introduction
- Prepare a database for CodeQL
- Run CodeQL in a database
- Understand CodeQL results
- Troubleshoot CodeQL results
- Module 6: Code scanning with GitHub CodeQL
- Introduction
- What is CodeQL?
- How does CodeQL analyze code?
- What is QL?
- Code scanning and CodeQL
- Customize your code scanning workflow with CodeQL – Part 1
- Exercise – Reference a CodeQL query
- Customize your code scanning workflow with CodeQL – Part 2
- Use the CodeQL CLI
- Customize languages and builds for code scanning
- Exercise – Configure a CodeQL language matrix
- Module 7: GitHub administration for GitHub Advanced Security
- Introduction
- What is GitHub Advanced Security?
- Enable GitHub Advanced Security
- Manage access to GitHub Advanced Security
- Manage the GitHub Advanced Security features and alerts
- Module 8: Manage sensitive data and security policies within GitHub
- Introduction
- Setting security policies
- Create and manage repository rulesets
- Reporting and logging
- Exercise – Removing a commit from the git history
Learning Path: GitHub Advanced Security Part 2 of 2
Target Audience
This course is ideal for
- DevOps Engineers
- Developers
- GitHub Administrators
- Application Security Engineers
- Security Engineers
- Solution Architects
- IT Professionals working with GitHub environments
- Professionals preparing for GitHub Advanced Security certification
Pre-requisites
Learners should have:
- Basic knowledge of GitHub repositories and workflows
- Familiarity with CI/CD concepts
- Understanding of secure software development fundamentals
- Basic awareness of application security and vulnerability management
Exam Details
| Certification Name | GitHub Advanced Security |
| Exam Code | GH-500 |
| Exam Format | Proctored exam; may include interactive components |
| Passing Score | 700 or Greater |
| Exam Duration | 100 Minutes |
| Exam Language | English, Spanish, Portuguese (Brazil), Korean, Japanese |
| Availability | Schedule through Pearson VUE |
Note: The number of questions on a certification exam is subject to change as Microsoft updates it to align with current technology and job role changes. Most Microsoft Certification exams contain between 40 and 60 questions; however, the number can vary by exam.
Course Objectives
After completing GitHub Advanced Security Training, you will be able to:
- Understand the core concepts of GitHub Advanced Security (GHAS) and its role in securing the software development lifecycle
- Configure and manage security features such as code scanning, secret scanning, and dependency review
- Use CodeQL to analyze code and identify vulnerabilities across multiple programming languages
- Implement secure development practices within GitHub workflows and CI/CD pipelines
- Detect, triage, and remediate security alerts effectively
- Protect sensitive information by identifying and preventing secret leaks
- Manage and secure open-source dependencies to reduce supply chain risks
- Apply security policies, automation, and governance across repositories and organizations
- Integrate GitHub security tools with enterprise security and compliance requirements
Vision
Goal
Skill-Building
Mentoring
Direction
Support
Success
Benefits of Training
Secure Code Before Production
Reduce Exposed Secret Risks
Manage Vulnerable Dependencies
Improve DevSecOps Workflows
Build GH-500 Readiness
Average Salary
Average Salary
Hiring Companies
"Source: Indeed, Glassdoor"
Confused about the right course for yourself?
It was a very good experience with the team. The class was clear and understandable, and it benefited me in learning all the concepts and gaining valuable knowledge.
I loved the overall training! Trainer is very knowledgeable, had clear understanding of all the topics covered. Loved the way he pays attention to details.
I had a great experience with the team. The training advisor was very supportive, and the trainer explained the concepts clearly and effectively. The program was well-structured and has definitely enhanced my skills in AI. Thank you for a wonderful learning experience.
The class was really good. The instructor gave us confidence and delivered the content in an impactful and easy-to-understand manner.
The program helped me understand several areas I was unfamiliar with. The instructor was exceptionally skilled and confident in delivering content.
The program was well-structured and easy to follow. The instructor’s use of real-life AI examples made it easier to connect with and understand the concepts.
Frequently Asked Questions
What is GitHub Advanced Security Training?
GitHub Advanced Security Training helps learners secure GitHub-based development workflows using GHAS features such as code scanning, secret scanning, Dependabot, dependency review, CodeQL, and security policies.
Who should enroll in GitHub Advanced Security training?
This course is suitable for:
- DevOps Engineers
- Developers
- GitHub Administrators
- Application Security Engineers
- Security Engineers
- Solution Architects
- IT Professionals working with GitHub environments
- Professionals preparing for GitHub Advanced Security certification
What topics are covered in GH-500 training?
The training covers GHAS fundamentals, Dependabot, dependency review, secret scanning, code scanning, CodeQL, GitHub administration, security policies, repository rulesets, and sensitive data management.
Does the course cover CodeQL, code scanning, and secret scanning?
Yes. The course covers CodeQL, GitHub code scanning, third-party scanning integration, secret scanning configuration, and alert usage.
Will I learn dependency scanning and supply chain security?
Yes. You will learn Dependabot alerts, Dependabot security updates, dependency review, notifications, and dependency risk management.
Is GitHub Advanced Security suitable for DevSecOps Engineers and Developers?
Yes. The course is useful for DevSecOps Engineers and Developers who want to integrate security directly into GitHub development workflows.
What skills will I gain from GitHub Advanced Security training?
You will gain skills in configuring GHAS features, managing alerts, scanning code, detecting secrets, reviewing dependencies, using CodeQL, and applying repository-level security policies.
Does the course cover secure software development practices?
Yes. The course focuses on securing code, dependencies, and secrets across the software development lifecycle using GitHub Advanced Security.
How does GitHub Advanced Security improve application security?
GHAS helps identify vulnerabilities, exposed secrets, and dependency risks earlier in development so teams can fix issues before production.
Can this training help implement DevSecOps in software development workflows?
Yes. The course supports DevSecOps adoption by teaching learners how to integrate security checks, alerts, policies, and automation into GitHub workflows.
How does GitHub Advanced Security help identify and remediate code vulnerabilities?
GHAS uses code scanning and CodeQL to detect potential vulnerabilities, display results, support troubleshooting, and help teams prioritize remediation.
Is this course aligned with Microsoft’s GitHub Advanced Security certification?
Yes. The course is aligned with GH-500T00-A and supports preparation for the GitHub Advanced Security certification. Microsoft lists GitHub Advanced Security as the related certification for GH-500T00-A.