Security strategy essentials

This course will show you how to build, host, and maintain a secure repository on GitHub. By following simple security best practices, you can rest easy knowing your project is secure for contributors and contributions today and in the future.

Collaboration is key to building great software. As you welcome more contributions, keeping your project secure becomes more important than ever.

What you'll learn

This course will answer common questions like:

• How can I prevent sensitive data from being pushed to my repository?
• How do I remove traces of the sensitive data if it is indeed published?
• How do I use GitHub's vulnerability alerts?
• How do I automatically fix vulnerable dependencies?
• What's a security policy and how do I implement one?
• What's .gitignore and how do I use it?
• How can I trace sensitive data to its introduction?

In this course, you’ll learn how to:

• Enable vulnerable dependency detection for private repositories
• Detect and fix outdated dependencies
• Automate the detection and fix of vulnerable dependencies with Dependabot
• Add a security policy with the a SECURITY.md file
• Remove a commit exposing sensitive data in a pull request
• Keep sensitive files out of your repository by leveraging the use of a .gitignore file
• Remove historical commits exposing sensitive data deep in your repository

What you'll build

• Completed source repository
• Deployed game

Prerequisites

This course is a great introduction. If you're unfamiliar with working in Pull Requests, consider taking the following course.

• Introduction to GitHub

Projects used

This course makes use of the following open source projects. Consider exploring these repos and maybe even making contributions!

• Octocat Memory Game on CodePen

Audience

Developers, new GitHub users, teams, security professionals, open source maintainers