From the course: GitHub Advanced Security Cert Prep by Microsoft Press
Identify where to use Dependabot alerts in the software development lifecycle - GitHub Tutorial
- [Instructor] Basically, the theme here for this certification exam objective is shift left in your CI/CD pipeline. Early detection, integrating Dependabot alerts such that even at your developer's desk, Dependabot will fail a push or warn you, grant the push but warn you at the console of dependency issues. The specifics of the scenario depend upon what you've got set up and how, but early detection is what we're looking for right at the developers, starting with the developer's desk. Dependabot, as you'll see in the demo, interacts as a bot in your pull request reviews so you can go back and forth. There's actually a collection of @dependabot commands that you can use to interact with Dependabot from your PR. And then, of course, post-deployment. It's nice to have that safety net of Dependabot running scheduled scans such that if one of your colleagues were to add a bad dependency version, I'm just thinking off the top of my head, or if tomorrow a vulnerability is identified in what…
Contents

- Learning objectives (41s)
- Describe how vulnerable dependencies are identified (2m)
- Explain how to act on alerts from GHAS (1m 47s)
- Explain the implications of ignoring an alert (2m 12s)
- Explain the role of a developer when they discover a security alert (2m 2s)
- Describe the differences in access management to view alerts for different security features (2m 48s)
- Describe a security policy in a GitHub repository (1m 2s)
- Identify where to use Dependabot alerts in the software development lifecycle (25m 49s)