Securing the development chain with GitHub Advanced Security
Application security starts in the source code. GitHub Advanced Security (GHAS) provides a comprehensive set of tools to detect vulnerabilities, exposed secrets and compromised dependencies before they reach production. For organizations in Switzerland managing sensitive code, GHAS has become an essential security layer that integrates directly into the development workflow without slowing down teams.
At ITTA in Geneva and Lausanne, the GitHub Advanced Security training (GH-500) is delivered in one day by an instructor specialized in application security. You will work on concrete scenarios covering the main attack vectors and protection methods.
Code scanning and CodeQL
CodeQL is the static analysis engine at the heart of GitHub code scanning. The GH-500 training teaches you to configure CodeQL analyses on your repositories, understand query results, triage alerts and write custom queries to detect vulnerabilities specific to your codebase. You will work with the CodeQL query suites covering the OWASP Top 10 and the most common CWE weaknesses.
The training covers CodeQL integration into CI/CD workflows with GitHub Actions, automated analysis configuration on pull requests and alert management with severity levels and dismissal policies.
Secret scanning and credential protection
Accidental exposure of secrets (API keys, tokens, passwords) is one of the most common and dangerous security incidents. The training teaches you to configure secret scanning to automatically detect over 200 types of secrets in your repositories. You will learn to manage alerts, configure push protection to block commits containing secrets, and set up notifications for rapid remediation.
Custom secret patterns are also covered: you will learn to define regular expressions that detect organization-specific secrets not matched by the default patterns.
Dependabot and supply chain security
Software dependencies represent a major attack vector. The GH-500 training covers Dependabot configuration for automated vulnerability alerts, automatic security update pull requests and dependency review on pull requests. You will learn to manage Dependabot alerts, prioritize critical updates and configure auto-merge policies for minor security patches.
The training also addresses software bill of materials (SBOM), dependency graphs and best practices for evaluating the security of third-party libraries before adopting them.
Organizational security policies
GitHub Advanced Security allows you to define security policies at the organizational level. The training covers enforcing code scanning, secret scanning and Dependabot across all repositories, creating security dashboards to monitor the overall security posture, and managing exemptions for specific projects.
You will also learn to integrate GHAS into a broader DevSecOps framework: security gates in CI/CD pipelines, vulnerability management processes and compliance reporting for audits.
FAQ
Do I need a GitHub Advanced Security license to take the training?
The training environment provides access to GHAS features. In production, GitHub Advanced Security is available for GitHub Enterprise organizations.
What languages are supported by CodeQL?
CodeQL supports major languages: C/C++, C#, Go, Java, JavaScript/TypeScript, Python, Ruby and Swift. The training uses concrete examples in several of these languages.
Is the training available as a virtual class?
Yes. You can attend the training in person in Geneva or Lausanne, or as a virtual class with the same instructor and the same hands-on exercises.
What certification do you get with this training?
The GH-500 training prepares you for a Microsoft Applied Skill that validates your skills in advanced GitHub security.
What is the difference between GH-500 and GH-100?
GH-100 covers general GitHub administration (organizations, teams, permissions). GH-500 focuses specifically on advanced security features: code scanning, secret scanning, Dependabot and security policies.
Is the training useful for DevSecOps teams?
Absolutely. GH-500 is designed for teams that want to integrate security into their development pipeline. The acquired skills are directly applicable in a DevSecOps approach.