├── CODEOWNERS ├── CONTRIBUTING.md ├── LICENSE ├── README.md ├── image.png ├── images ├── Certifiedtocat_full__2_.svg ├── gh-actions.png ├── gh-admin.png ├── gh-certs-badges.png ├── gh-certs.png ├── gh-foundations.png └── gh-security.png └── study-guides ├── gh-actions.md ├── gh-administration.md ├── gh-advanced-security.md └── gh-foundations.md /CODEOWNERS: -------------------------------------------------------------------------------- 1 | @LadyKerr -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contribution Guide 2 | 3 | First off, thanks for taking the time to contribute! ❤️ 4 | 5 | All types of contributions are encouraged and valued. See the [Table of Contents](#table-of-contents) for different ways to help and details about how this project handles them. Please make sure to read the relevant section before making your contribution. It will make it a lot easier for us maintainers and smooth out the experience for all involved. The community looks forward to your contributions. 🎉 6 | 7 | > And if you like the project, but just don't have time to contribute, that's fine. There are other easy ways to support the project and show your appreciation, which we would also be very happy about: 8 | > - Star the project 9 | > - Tweet about it 10 | > - Refer this project in your project's readme 11 | > - Mention the project at local meetups and tell your friends/colleagues 12 | 13 | 14 | ## Table of Contents 15 | 16 | - [Code of Conduct](#code-of-conduct) 17 | - [I Have a Question](#i-have-a-question) 18 | - [I Want To Contribute](#i-want-to-contribute) 19 | - [Reporting Bugs](#reporting-bugs) 20 | - [Suggesting Enhancements](#suggesting-enhancements) 21 | - [Your First Code Contribution](#your-first-code-contribution) 22 | - [Improving The Documentation](#improving-the-documentation) 23 | - [Styleguides](#styleguides) 24 | - [Commit Messages](#commit-messages) 25 | - [Join The Project Team](#join-the-project-team) 26 | 27 | 28 | ## Code of Conduct 29 | 30 | This project and everyone participating in it is governed by the 31 | [CONTRIBUTING.md Code of Conduct](blob/master/CODE_OF_CONDUCT.md). 32 | By participating, you are expected to uphold this code. Please report unacceptable behavior 33 | to <>. 34 | 35 | 36 | ## I Have a Question 37 | 38 | Before you ask a question, it is best to search for existing [Issues](/issues) that might help you. In case you have found a suitable issue and still need clarification, you can write your question in this issue. It is also advisable to search the internet for answers first. 39 | 40 | If you then still feel the need to ask a question and need clarification, we recommend the following: 41 | 42 | - Open an [Issue](/issues/new). 43 | - Provide as much context as you can about what you're running into. 44 | - Provide project and platform versions (nodejs, npm, etc), depending on what seems relevant. 45 | 46 | We will then take care of the issue as soon as possible. 47 | 48 | 49 | ## I Want To Contribute 50 | 51 | > ### Legal Notice 52 | > When contributing to this project, you must agree that you have authored 100% of the content, that you have the necessary rights to the content and that the content you contribute may be provided under the project license. 53 | 54 | ### Reporting Bugs 55 | 56 | #### How Do I Submit a Good Bug Report? 57 | 58 | > You must never report security related issues, vulnerabilities or bugs including sensitive information to the issue tracker, or elsewhere in public. Instead sensitive bugs must be sent by email to <>. 59 | 60 | 61 | We use GitHub issues to track bugs and errors. If you run into an issue with the project: 62 | 63 | - Open an [Issue](/issues/new). (Since we can't be sure at this point whether it is a bug or not, we ask you not to talk about a bug yet and not to label the issue.) 64 | - Explain the behavior you would expect and the actual behavior. 65 | - Please provide as much context as possible and describe the *reproduction steps* that someone else can follow to recreate the issue on their own. This usually includes your code. For good bug reports you should isolate the problem and create a reduced test case. 66 | - Provide the information you collected in the previous section. 67 | 68 | Once it's filed: 69 | 70 | - The project team will label the issue accordingly. 71 | - A team member will try to reproduce the issue with your provided steps. If there are no reproduction steps or no obvious way to reproduce the issue, the team will ask you for those steps and mark the issue as `needs-repro`. Bugs with the `needs-repro` tag will not be addressed until they are reproduced. 72 | - If the team is able to reproduce the issue, it will be marked `needs-fix`, as well as possibly other tags (such as `critical`), and the issue will be left to be [implemented by someone](#your-first-code-contribution). 73 | 74 | 75 | 76 | #### How Do I Submit a Good Enhancement Suggestion? 77 | 78 | Enhancement suggestions are tracked as [GitHub issues](/issues). 79 | 80 | - Use a **clear and descriptive title** for the issue to identify the suggestion. 81 | - Provide a **step-by-step description of the suggested enhancement** in as many details as possible. 82 | - **Describe the current behavior** and **explain which behavior you expected to see instead** and why. At this point you can also tell which alternatives do not work for you. 83 | - You may want to **include screenshots and animated GIFs** which help you demonstrate the steps or point out the part which the suggestion is related to. You can use [this tool](https://www.cockos.com/licecap/) to record GIFs on macOS and Windows, and [this tool](https://github.com/colinkeenan/silentcast) or [this tool](https://github.com/GNOME/byzanz) on Linux. 84 | - **Explain why this enhancement would be useful** to most CONTRIBUTING.md users. You may also want to point out the other projects that solved it better and which could serve as inspiration. 85 | 86 | 87 | ## Attribution 88 | This guide is based on the **contributing.md**. [Make your own](https://contributing.md/)! 89 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2024 Kedasha Kerr 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # GitHub Certifications Guide 🚀 2 | 3 | GitHub certifications are here! 🎉 See the official blog post here: https://github.blog/2024-01-08-github-certifications-are-generally-available/ 4 | 5 | Demonstrate your proficiency at GitHub by becoming certified. This guide will help you prepare for the exams and provide you with resources to help you succeed. 6 | ![GitHub Certifications](./images/gh-certs.png) 7 | 8 | In this repo you will find study guides, and resources to help you prepare for the exams. There are currently 4 certifications available: 9 | 10 | | Certification | Description | Study Guide | 11 | | ---------------------------- | ----------------------------------------------------- | --------------------- | 12 | | [GitHub Foundations](https://learn.microsoft.com/en-us/collections/o1njfe825p602p?WT.mc_id=%3Fwt.mc_id%3Dstudentamb_260352) | Fundamentals concepts and products of GitHub | [GitHub Foundations Guide](./study-guides//gh-foundations.md) | 13 | | [GitHub Actions](https://learn.microsoft.com/collections/n5p4a5z7keznp5?WT.mc_id=%3Fwt.mc_id%3Dstudentamb_260352) | Learn to automate your software development workflows | [GitHub Actions Guide](./study-guides/gh-actions.md) | 14 | | [GitHub Advanced Security](https://learn.microsoft.com/collections/rqymc6yw8q5rey?WT.mc_id=%3Fwt.mc_id%3Dstudentamb_260352) | Learn how to secure your code at every stage of your development lifecycle. | [GHAS Guide](./study-guides//gh-advanced-security.md) | 15 | | [GitHub Administration](https://learn.microsoft.com/collections/mom7u1gzjdxw03?WT.mc_id=%3Fwt.mc_id%3Dstudentamb_260352) | Learn to maintain a healthy, robust, and secure GitHub environment | [GitHub Admin Guide](./study-guides/gh-administration.md) | 16 | 17 | You can find the full **candidate handbook** here: [GitHub Certification Handbook](https://examregistration.github.com/handbook). 18 | 19 | If you have questions, be sure to check out the FAQ page here: [GitHub Certification FAQ](https://examregistration.github.com/faq) 20 | 21 | 22 | ![GitHub Certifications](image.png) 23 | 24 | ## Contributing 25 | 26 | If you have any resources that you would like to add to this repo, please feel free to open a PR and add them! Do take a look at our contribution guidelines [here](./CONTRIBUTING.md) before you do. 27 | 28 | ## Resources 29 | 30 | - [Linkedin Learning - GitHub Foundations Prep Course](https://www.linkedin.com/learning/paths/prepare-for-the-github-foundations-certification?u=3322) ✨ 31 | - [Linkedin Learning - GitHub Admin Prep Course](https://www.linkedin.com/learning/paths/prepare-for-the-github-administration-certification?u=3322) ✨ 32 | 33 | ## License 34 | 35 | This project is licensed under the [MIT License](https://github.com/FidelusAleksander/githubcertified/blob/master/LICENSE). 36 | -------------------------------------------------------------------------------- /image.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LadyKerr/github-certification-guide/b929e77f578e60b04b6079c8e598d26496cad467/image.png -------------------------------------------------------------------------------- /images/Certifiedtocat_full__2_.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 15 | 17 | 20 | 23 | 24 | 27 | 30 | 31 | 34 | 37 | 38 | 41 | 44 | 45 | 48 | 51 | 52 | 55 | 58 | 59 | 62 | 65 | 66 | 67 | 76 | 81 | 83 | 86 | 89 | 93 | 94 | 97 | 101 | 102 | 105 | 109 | 110 | 113 | 117 | 118 | 121 | 125 | 126 | 129 | 133 | 134 | 137 | 141 | 142 | 145 | 149 | 150 | 153 | 157 | 158 | 161 | 165 | 166 | 169 | 173 | 174 | 177 | 181 | 182 | 185 | 189 | 190 | 193 | 197 | 198 | 201 | 205 | 206 | 209 | 213 | 214 | 217 | 221 | 222 | 225 | 229 | 230 | 233 | 237 | 238 | 241 | 245 | 246 | 249 | 253 | 254 | 257 | 261 | 262 | 265 | 269 | 270 | 273 | 277 | 278 | 281 | 285 | 286 | 289 | 293 | 294 | 297 | 301 | 302 | 305 | 309 | 310 | 313 | 317 | 318 | 321 | 325 | 326 | 329 | 333 | 334 | 337 | 341 | 342 | 345 | 349 | 350 | 353 | 357 | 358 | 361 | 365 | 366 | 369 | 373 | 374 | 377 | 381 | 382 | 385 | 389 | 390 | 393 | 397 | 398 | 401 | 405 | 406 | 409 | 413 | 414 | 417 | 421 | 422 | 425 | 429 | 430 | 433 | 437 | 438 | 441 | 445 | 446 | 449 | 453 | 454 | 457 | 461 | 462 | 465 | 469 | 470 | 473 | 477 | 478 | 481 | 485 | 486 | 489 | 493 | 494 | 497 | 501 | 502 | 505 | 509 | 510 | 513 | 517 | 518 | 521 | 525 | 526 | 529 | 533 | 534 | 537 | 541 | 542 | 545 | 549 | 550 | 551 | 552 | 554 | 557 | 560 | 564 | 565 | 568 | 572 | 573 | 576 | 580 | 581 | 582 | 583 | 585 | 588 | 591 | 595 | 596 | 598 | 600 | 602 | 606 | 609 | 613 | 614 | 615 | 616 | 617 | 620 | 624 | 625 | 628 | 632 | 633 | 635 | 637 | 639 | 643 | 646 | 650 | 651 | 652 | 653 | 654 | 656 | 658 | 660 | 664 | 667 | 671 | 672 | 673 | 674 | 675 | 678 | 682 | 683 | 686 | 690 | 691 | 694 | 698 | 699 | 702 | 706 | 707 | 710 | 714 | 715 | 716 | 717 | 720 | 724 | 725 | 728 | 732 | 733 | 736 | 740 | 741 | 743 | 746 | 749 | 753 | 754 | 757 | 761 | 762 | 765 | 769 | 770 | 773 | 777 | 778 | 781 | 785 | 786 | 789 | 793 | 794 | 797 | 801 | 802 | 805 | 809 | 810 | 813 | 817 | 818 | 821 | 825 | 826 | 829 | 833 | 834 | 837 | 841 | 842 | 845 | 849 | 850 | 853 | 857 | 858 | 861 | 865 | 866 | 869 | 873 | 874 | 877 | 881 | 882 | 885 | 889 | 890 | 893 | 897 | 898 | 901 | 905 | 906 | 909 | 913 | 914 | 917 | 921 | 922 | 925 | 929 | 930 | 933 | 937 | 938 | 941 | 945 | 946 | 949 | 953 | 954 | 957 | 961 | 962 | 965 | 969 | 970 | 971 | 972 | 973 | 974 | -------------------------------------------------------------------------------- /images/gh-actions.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LadyKerr/github-certification-guide/b929e77f578e60b04b6079c8e598d26496cad467/images/gh-actions.png -------------------------------------------------------------------------------- /images/gh-admin.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LadyKerr/github-certification-guide/b929e77f578e60b04b6079c8e598d26496cad467/images/gh-admin.png -------------------------------------------------------------------------------- /images/gh-certs-badges.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LadyKerr/github-certification-guide/b929e77f578e60b04b6079c8e598d26496cad467/images/gh-certs-badges.png -------------------------------------------------------------------------------- /images/gh-certs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LadyKerr/github-certification-guide/b929e77f578e60b04b6079c8e598d26496cad467/images/gh-certs.png -------------------------------------------------------------------------------- /images/gh-foundations.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LadyKerr/github-certification-guide/b929e77f578e60b04b6079c8e598d26496cad467/images/gh-foundations.png -------------------------------------------------------------------------------- /images/gh-security.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/LadyKerr/github-certification-guide/b929e77f578e60b04b6079c8e598d26496cad467/images/gh-security.png -------------------------------------------------------------------------------- /study-guides/gh-actions.md: -------------------------------------------------------------------------------- 1 | ![GitHub Actions Study Guide](../images/gh-actions.png) 2 | 3 | > You can also find this [study guide in PDF format](https://assets.ctfassets.net/wfutmusr1t3h/2mMJ6nECbUAdiQMTObbPw6/4b66f25661e8aadcb4db984a95071682/github-actions-exam-preparation-study-guide.pdf) 📝 4 | 5 | # GitHub Actions 6 | 7 | Get exam-ready for your GitHub Actions Certification with our 8 | comprehensive study guide. We’ve curated the essential 9 | resources and learning activities to better prepare you for the 10 | GitHub Actions exam and boost your chances of success. 11 | 12 | ## Objective Domains 13 | 14 | An objective domain for a certification exam, often referred to as a “domain” or “exam domain,” is a structured outline or framework that defines the specific knowledge, skills, and topics that the certification exam will cover. It provides a clear roadmap for what candidates should expect to encounter on the exam and what they need to study and prepare for. 15 | 16 | The domains provided in this study guide are intended to provide insight into the topic categories covered in the GitHub Actions exam, along with the learning objective within each domain. 17 | 18 | Domain Breakdown 19 | ``` 20 | Domain 1: Author and maintain workflows 21 | Domain 2: Consume workflows 22 | Domain 3: Author and maintain actions 23 | Domain 4: Manage GitHub Actions for the enterprise 24 | ``` 25 | 26 | ## Audience Profile 27 | 28 | This exam is designed for DevOps engineers, software developers, and IT professionals with intermediate - level experience in GitHub Actions, including workflow creation, automation, and CI/CD pipeline management. 29 | 30 | ## Recommendations and Best Practices for Success 31 | 32 | To increase your chances of success in passing the GitHub Actions exam, it’s essential to start with a solid foundation of basic experience, exposure, and proficiency of GitHub Actions. The recommended learning paths for this exam provide you with an in-depth study of the learning content, followed by hands-on exercises and preparation assessment questions that were created to enable you to fine-tune your 33 | knowledge and readiness for the certification exam. 34 | 35 | ## Domain 1: Author and maintain workflows 36 | 37 | ``` 38 | Work with events that trigger workflows 39 | ``` 40 | ``` 41 | Configure workflows to run for one or more events 42 | ``` 43 | ``` 44 | Configure workflows to run for scheduled events 45 | ``` 46 | ``` 47 | Configure workflows to run for manual events 48 | ``` 49 | ``` 50 | Configure workflows to run for webhook events (i.e. check_run, check_suite, deployment, etc.) 51 | ``` 52 | ``` 53 | Demonstrate a GitHub event to trigger a workflow based on a practical use case 54 | ``` 55 | 56 | **Use the components of a workflow** 57 | 58 | Identify the correct syntax for workflow jobs (i.e. indentation and encapsulation of parts of the workflow) 59 | 60 | Use job steps for actions and shell commands 61 | 62 | Use conditional keywords for steps 63 | 64 | Describe how actions, workflows, jobs, steps, runs, and the marketplace work together 65 | 66 | Identify scenarios suited for using GitHub-hosted and self-hosted runners 67 | 68 | Implement workflow commands as a run step to communicate with the runner 69 | 70 | Demonstrate the use of dependent jobs 71 | 72 | **Use encrypted secrets and environment variables as part of a workflow** 73 | 74 | Use encrypted secrets to store sensitive information 75 | 76 | Identify the available default environment variables during the construction of the workflow 77 | 78 | Identify the location to set custom environment variables in a workflow 79 | 80 | Identify when to use the GITHUB_TOKEN secret 81 | 82 | Demonstrate how to use workflow commands to set environment variables 83 | 84 | **Create a workflow for a particular purpose** 85 | 86 | Add a script to a workflow 87 | 88 | Demonstrate how to publish to GitHub Packages using a workflow 89 | 90 | Demonstrate how to publish to GitHub Container Registry using a workflow 91 | 92 | Use database and service containers in a GitHub Actions workflow 93 | 94 | Use labels to route workflows to specific runners 95 | 96 | Use CodeQL as a step in a workflow 97 | 98 | Demonstrate how to publish a component as a GitHub release using GitHub Actions 99 | 100 | Deploy a release to a cloud provider using a GitHub Actions workflow 101 | 102 | 103 | ## Domain 2: Consume workflows 104 | 105 | ``` 106 | Interpret the effects of a workflow 107 | ``` 108 | ``` 109 | Identify the event that triggered a workflow from its effects in a repository, issue, or pull request 110 | ``` 111 | ``` 112 | Describe a workflow’s effects from reading its configuration file 113 | ``` 114 | ``` 115 | Diagnose a failed workflow run (i.e. using a workflow run history and its logs, determine why a workflow run may have 116 | failed) 117 | ``` 118 | ``` 119 | Identify ways to access the workflow logs from the user interface 120 | ``` 121 | ``` 122 | Identify ways to access the workflow logs from GitHub’s REST API 123 | ``` 124 | ``` 125 | Enable step debug logging in a workflow 126 | ``` 127 | ``` 128 | Demonstrate how to use default environment variables in a workflow 129 | ``` 130 | ``` 131 | Demonstrate the correct syntax for passing custom environment variables in a workflow step 132 | ``` 133 | ``` 134 | Manage workflow runs 135 | ``` 136 | ``` 137 | Configure caching of workflow dependencies 138 | ``` 139 | ``` 140 | Identify steps to pass data between jobs in a workflow 141 | ``` 142 | ``` 143 | Remove workflow artifacts from GitHub 144 | ``` 145 | ``` 146 | Add a workflow status badge 147 | ``` 148 | ``` 149 | Add environment protections 150 | ``` 151 | ``` 152 | Define a matrix of different job configurations 153 | ``` 154 | ``` 155 | Implement workflow approval gates 156 | ``` 157 | ``` 158 | Locate a workflow, its logs, and artifacts 159 | ``` 160 | ``` 161 | Describe where to locate a workflow in a repository 162 | ``` 163 | ``` 164 | Explain the difference between disabling and deleting of workflows 165 | ``` 166 | ``` 167 | Demonstrate how to download workflow artifacts from the user interface 168 | ``` 169 | ``` 170 | Describe how to use an organization’s templated workflow 171 | ``` 172 | 173 | ``` 174 | Use actions in a workflow 175 | ``` 176 | ``` 177 | Define the indicators of what makes a trustworthy action 178 | ``` 179 | ``` 180 | Identify an action’s type, inputs, and outputs 181 | ``` 182 | ``` 183 | Demonstrate how to use the specific version of an action in a workflow 184 | ``` 185 | ``` 186 | Distribute an action 187 | ``` 188 | ``` 189 | Identify how to select an appropriate distribution model for an action (i.e., public, private, marketplace) 190 | ``` 191 | ``` 192 | Identify the best practices for distributing custom actions 193 | ``` 194 | ``` 195 | Demonstrate how to create a release strategy for an action (i.e. versioning) 196 | ``` 197 | ``` 198 | Demonstrate how to publish an action to the GitHub marketplace 199 | ``` 200 | ## Domain 3: Author and maintain actions 201 | 202 | ``` 203 | Use available action types 204 | ``` 205 | ``` 206 | Identify the type of action required for a given problem (i.e. JavaScript, Docker container, run step) 207 | ``` 208 | ``` 209 | Demonstrate how to troubleshoot JavaScript actions 210 | ``` 211 | ``` 212 | Demonstrate how to troubleshoot Docker container actions 213 | ``` 214 | ``` 215 | Describe the components of an action 216 | ``` 217 | ``` 218 | Identify the files and directory structure needed to create an action 219 | ``` 220 | ``` 221 | Identify the metadata and syntax needed to create an action 222 | ``` 223 | ``` 224 | Implement workflow commands within an action to communicate with the runner (Note: this includes exit codes) 225 | ``` 226 | 227 | ## Domain 4: Manage GitHub Actions in the enterprise 228 | 229 | ``` 230 | Distribute actions and workflows to the enterprise 231 | ``` 232 | ``` 233 | Explain reuse templates for actions and workflows 234 | ``` 235 | ``` 236 | Define an approach for managing and leveraging reusable components (i.e. repos for storage, naming conventions for 237 | files/folders, and plans for ongoing maintenance) 238 | ``` 239 | ``` 240 | Define how to distribute actions for an enterprise 241 | ``` 242 | ``` 243 | Define how to control access to actions within the enterprise 244 | ``` 245 | ``` 246 | Configure organizational use policies for GitHub Actions 247 | ``` 248 | ``` 249 | Manage runners for the enterprise 250 | ``` 251 | ``` 252 | Describe the effects of configuring IP allow lists on GitHub-hosted and self-hosted runners 253 | ``` 254 | ``` 255 | Describe how to select appropriate runners to support workloads (i.e. using a self-hosted versus GitHub-hosted runner, 256 | choosing supported operating systems) 257 | ``` 258 | ``` 259 | Explain the difference between GitHub-hosted and self-hosted runners 260 | ``` 261 | ``` 262 | Configure self-hosted runners for enterprise use (i.e. including proxies, labels, networking) 263 | ``` 264 | ``` 265 | Demonstrate how to manage self-hosted runners using groups (i.e. managing access, moving runners into and between 266 | groups) 267 | ``` 268 | ``` 269 | Demonstrate how to monitor, troubleshoot, and update self-hosted runners 270 | ``` 271 | ``` 272 | Manage encrypted secrets in the enterprise 273 | ``` 274 | ``` 275 | Identify the scope of encrypted secrets 276 | ``` 277 | ``` 278 | Demonstrate how to access encrypted secrets within actions and workflows 279 | ``` 280 | ``` 281 | Explain how to manage organization-level encrypted secrets 282 | ``` 283 | ``` 284 | Explain how to manage repository-level encrypted secrets 285 | ``` 286 | 287 | -------------------------------------------------------------------------------- /study-guides/gh-administration.md: -------------------------------------------------------------------------------- 1 | ![GitHub Administration Study Guide](../images/gh-admin.png) 2 | 3 | > You can also find this [study guide in PDF format](https://assets.ctfassets.net/wfutmusr1t3h/5zTfUfFWQknwoUVA1SAw0o/5e1498f30d64825d94e01cec7dac90fe/github-administration-exam-preparation-study-guide.pdf) 📝 4 | 5 | 6 | # GitHub Administration 7 | 8 | Get exam-ready for the GitHub Administration Certification with 9 | our comprehensive study guide. We’ve curated the essential 10 | resources and learning activities to better prepare you for the 11 | GitHub Administration exam and boost your chances of success. 12 | 13 | ## Objective Domains 14 | 15 | An objective domain for a certification exam, often referred to as a “domain” or “exam domain,” is a 16 | structured outline or framework that defines the specific knowledge, skills, and topics that the certification 17 | exam will cover. It provides a clear roadmap for what candidates should expect to encounter on the exam 18 | and what they need to study and prepare for. 19 | 20 | The domains provided in this study guide are intended to provide insight into the topic categories covered in 21 | the GitHub Administration exam, along with the learning objective within each domain. 22 | 23 | ``` 24 | Domain Breakdown 25 | ``` 26 | ``` 27 | Domain 1: Support GitHub Enterprise for users and key stakeholders 28 | ``` 29 | ``` 30 | Domain 2: Manage user identities and GitHub authentication 31 | ``` 32 | ``` 33 | Domain 3: Describe how GitHub is deployed, distributed, and licensed 34 | ``` 35 | ``` 36 | Domain 4: Manage access and permissions based on membership 37 | ``` 38 | ``` 39 | Domain 5: Enable secure software development and ensure compliance 40 | ``` 41 | ``` 42 | Domain 6: Manage GitHub Actions 43 | ``` 44 | ``` 45 | Domain 7: Manage GitHub Packages 46 | ``` 47 | ## Audience Profile 48 | 49 | This exam is designed for system administrators, software developers, application administrators, and IT 50 | professionals with intermediate-level experience in GitHub Enterprise Administration. 51 | 52 | ## Recommendations and Best Practices for Success 53 | 54 | To increase your chances of success in passing the GitHub Administration exam, it’s essential to start with a 55 | solid foundation of basic experience, exposure, and proficiency of GitHub Administration. The 56 | recommended learning paths for this exam provide you with an in-depth study of the learning content, 57 | followed by hands-on exercises and preparation assessment questions that were created to enable you to 58 | fine-tune your knowledge and readiness for the certification exam. 59 | 60 | ``` 61 | Support GitHub Enterprise for users and key stakeholders 62 | ``` 63 | ``` 64 | Distinguish problems that can be solved by an administrator from those that need GitHub Support 65 | ``` 66 | ``` 67 | Describe how to generate support bundles and diagnostics 68 | ``` 69 | ``` 70 | Describe how GitHub’s products and services are used within the enterprise to identify underutilized features, 71 | integrations in use, most active teams, and repositories. 72 | ``` 73 | ``` 74 | Recommend standards for developer workflows, including code collaboration (fork-and-pull versus branching), 75 | branching, branch protection rules, code owners, the code review process, automation, and release strategy. 76 | ``` 77 | ``` 78 | Explain the tooling ecosystem at the enterprise 79 | ``` 80 | ``` 81 | Explain the enterprise’s CI/CD strategy 82 | ``` 83 | ``` 84 | Discuss how to recommend tooling and workflows to teams within an enterprise 85 | ``` 86 | ``` 87 | Explain how GitHub APIs can be used to extend the capabilities of the administrator from the user interface, such as 88 | querying or storing the audit log 89 | ``` 90 | ``` 91 | Locate an asset from the GitHub Marketplace for a specific need (i.e. find the Azure Pipelines GitHub App in the 92 | Marketplace, install it, and configure it to deploy your code) 93 | ``` 94 | ``` 95 | Contrast a GitHub App and an action (i.e. their permissions, how they’re built, how they’re consumed) 96 | ``` 97 | ``` 98 | List the benefits and risks of using apps and actions from the GitHub Marketplace 99 | ``` 100 | ``` 101 | Manage user identities and GitHub authentication 102 | ``` 103 | ``` 104 | List the implications of enabling SAML single sign-on (SSO) for an individual organization versus all organizations in an 105 | enterprise account 106 | ``` 107 | ``` 108 | List the steps to enable and enforce SAML SSO for a single organization and multiple organizations using enterprise 109 | accounts. 110 | ``` 111 | ``` 112 | Explain how to require two-factor authentication (2FA) for an organization. 113 | ``` 114 | ``` 115 | Explain how to choose supported identity providers. 116 | ``` 117 | ``` 118 | Describe how identity management and authorization works on GitHub 119 | ``` 120 | ``` 121 | List the consequences of a user’s membership in the instance, an organization, or multiple organizations 122 | ``` 123 | ``` 124 | Describe the authentication and authorization model (specifically, how users get to the system, and how they’re granted 125 | access to specific things within GitHub) 126 | ``` 127 | ``` 128 | List the supported SCIM providers (Azure, Okta, self-created) 129 | ``` 130 | ``` 131 | Describe how the SCIM protocol works and how GH supports it 132 | ``` 133 | ``` 134 | Describe how Team synchronization works 135 | ``` 136 | ``` 137 | Contrast team synchronization and SCI 138 | ``` 139 | ## Domain 1: Support GitHub Enterprise for users and key stakeholders 140 | 141 | ## Domain 2: Manage user identities and GitHub authentication 142 | 143 | 144 | ## Domain 3: Describe how GitHub is deployed, distributed, and licensed 145 | 146 | ``` 147 | Contrast the capabilities of GHES, GHEC, and GHAE 148 | ``` 149 | ``` 150 | Describe GitHub Enterprise Cloud (GHEC) 151 | ``` 152 | ``` 153 | Describe GitHub Enterprise Server (GHES) 154 | ``` 155 | ``` 156 | Describe GitHub AE 157 | ``` 158 | ``` 159 | Describe enterprise permissions and policies 160 | ``` 161 | ``` 162 | Explain the benefits and costs of deploying a single organization versus multiple organizations 163 | ``` 164 | ``` 165 | Describe how to set default read permissions versus default write permissions across organizations 166 | ``` 167 | ``` 168 | Describe Team sync through AD 169 | ``` 170 | ``` 171 | Explain maintainability; writing scripts against multiple orgs and multiple access rights 172 | ``` 173 | ``` 174 | Describe how to adjust enterprise policies and organization permissions in alignment with a company’s trust and control 175 | position 176 | ``` 177 | ``` 178 | Differentiate how products are billed, including seat licenses, GitHub Actions, and GitHub Packages 179 | ``` 180 | ``` 181 | Describe pricing for GitHub Actions 182 | ``` 183 | ``` 184 | Describe pricing and support options for organizations 185 | ``` 186 | ``` 187 | Describe how to find statistics of license usage for a specific organization 188 | ``` 189 | ``` 190 | Describe how to find statistics of license usage for machine accounts and peripheral services 191 | ``` 192 | ``` 193 | Explain the consumption of metered products given a report (i.e. GitHub Actions minutes or storage for GitHub 194 | Packages) 195 | ``` 196 | ## Domain 4: Manage access and permissions based on membership 197 | 198 | ``` 199 | Describe enterprise permissions and policies 200 | ``` 201 | ``` 202 | Define a GitHub organization 203 | ``` 204 | ``` 205 | List the possible roles of an organization member 206 | ``` 207 | ``` 208 | Contrast permissions for organization members, owners, and billing managers 209 | ``` 210 | ``` 211 | Describe the difference between being an organization member and an outside collaborator 212 | ``` 213 | ``` 214 | List the consequences of a user’s membership in an instance or organization 215 | ``` 216 | ``` 217 | Explain how to give a user the minimum required permissions for repository, organization, or team access. 218 | ``` 219 | ``` 220 | List the benefits and the drawbacks of creating a new organization 221 | ``` 222 | 223 | ``` 224 | Describe team permissions 225 | ``` 226 | ``` 227 | Define Teams in a GitHub organization 228 | ``` 229 | ``` 230 | List the possible roles of a team member 231 | ``` 232 | ``` 233 | Describe the different permission models 234 | ``` 235 | ``` 236 | Describe how to use the audit log APIs (Rest and GraphQL) to explain a missing asset 237 | ``` 238 | ``` 239 | Define the use case for audit logs 240 | ``` 241 | ``` 242 | Describe security and compliance concepts with GitHub 243 | ``` 244 | ``` 245 | Explain how to provide reports for auditing 246 | ``` 247 | ## Domain 5: Enable secure software development and ensure compliance 248 | 249 | ``` 250 | Enable secure software development and ensure compliance 251 | ``` 252 | ``` 253 | Explain how GitHub supports the enterprise’s security posture 254 | ``` 255 | ``` 256 | Describe scrubbing sensitive data from a Git repository (filter-branch / BFG) 257 | ``` 258 | ``` 259 | Describe scrubbing sensitive data from GitHub (contacting support) 260 | ``` 261 | ``` 262 | Explain how to choose a policy based on how much control is required 263 | ``` 264 | ``` 265 | Explain the impacts of choosing a specific set of policies 266 | ``` 267 | ``` 268 | Define organization policies 269 | ``` 270 | ``` 271 | Define enterprise policies 272 | ``` 273 | ``` 274 | Repository permissions 275 | ``` 276 | ``` 277 | Explain the actions of a user given a list of their permissions, such as repository role, team membership, or organization 278 | membership (https://github.com/organizations//settings/member_privileges) 279 | ``` 280 | ``` 281 | List the repository membership options 282 | ``` 283 | ``` 284 | Explain audit access to a repository 285 | ``` 286 | 287 | **Define and explain the importance of the security features of a GitHub repository** 288 | 289 | Explain the importance of a security policy 290 | 291 | Define a vulnerability 292 | 293 | Describe a vulnerable dependency 294 | 295 | Explain the importance of secret scanning 296 | 297 | Explain the importance of code scanning 298 | 299 | Describe automated code scanning (CodeQL) 300 | 301 | Explain the dependency graph 302 | 303 | Explain the importance of a security advisory 304 | 305 | Describe Dependabot 306 | 307 | Detect and fix outdated dependencies with security vulnerabilities 308 | 309 | Describe security vulnerability alerts 310 | 311 | Create and implement a security response plan that addresses sensitive data on a GitHub repository 312 | 313 | Describe how to use SSH keys and Deploy keys to access repository data 314 | 315 | **API access and integrations** 316 | 317 | List supported access tokens (e.g. PAT, Installation Tokens, OAuth and GitHub app OAuth tokens, Device Tokens, 318 | Refresh tokens) 319 | 320 | Explain how to find a token’s rate limits 321 | 322 | Describe GitHub Apps, their repository permissions, user permissions, and event subscriptions 323 | 324 | Describe OAuth Apps, their permissions, and event subscriptions 325 | 326 | Contrast the use of a personal access token (PAT) or a GitHub App for authenticating a machine account 327 | 328 | Describe the use of machine accounts versus GitHub apps 329 | 330 | Explain how to approve or deny user-created GitHub Apps and OAuth apps based on a security policy 331 | 332 | Define an enterprise managed user (EMU) 333 | 334 | 335 | ## Domain 6: Manage GitHub Actions 336 | 337 | ``` 338 | Distribute actions and workflows to the enterprise 339 | ``` 340 | ``` 341 | Identify reuse templates for actions and workflows 342 | ``` 343 | ``` 344 | Define an approach for managing and leveraging reusable components (i.e. repos for storage, naming conventions for 345 | files/folders, plans for ongoing maintenance) 346 | ``` 347 | ``` 348 | Define how to distribute actions for an enterprise 349 | ``` 350 | ``` 351 | Explain how to control access to actions within the enterprise 352 | ``` 353 | ``` 354 | Configure organizational use policies for GitHub Actions 355 | ``` 356 | ``` 357 | Manage runners for the enterprise 358 | ``` 359 | ``` 360 | Describe the effects of configuring IP allow lists on GitHub-hosted and self-hosted runners 361 | ``` 362 | ``` 363 | Configure IP allow lists on internal applications and systems to allow interaction with GitHub-hosted runners 364 | ``` 365 | ``` 366 | List the effects and potential abuse vectors of enabling self-hosted runners on public repositories 367 | ``` 368 | ``` 369 | Select appropriate runners to support workloads (i.e. using a self-hosted versus GitHub-hosted runner, choosing 370 | supported operating systems) 371 | ``` 372 | ``` 373 | Contrast GitHub-hosted and self-hosted runners 374 | ``` 375 | ``` 376 | Configure self-hosted runners for enterprise use (i.e. including proxies, labels, networking) 377 | ``` 378 | ``` 379 | Manage self-hosted runners using groups (i.e. managing access, moving runners into and between groups) 380 | ``` 381 | ``` 382 | Monitor, troubleshoot, and update self-hosted runners 383 | ``` 384 | ``` 385 | Manage encrypted secrets in the enterprise 386 | ``` 387 | ``` 388 | Identify the scope of encrypted secrets 389 | ``` 390 | ``` 391 | Explain how to access encrypted secrets within actions and workflows 392 | ``` 393 | ``` 394 | Explain how to manage organization-level encrypted secrets 395 | ``` 396 | ``` 397 | Describe how to manage repository-level encrypted secrets 398 | ``` 399 | ``` 400 | Describe how to use 3rd party vaults 401 | ``` 402 | 403 | ``` 404 | Manage encrypted secrets in the enterprise 405 | ``` 406 | ``` 407 | Describe which GH Packages are supported 408 | ``` 409 | ``` 410 | Describe how to access, write, and share GH Packages 411 | ``` 412 | ``` 413 | Describe how to use GH Packages in workflows (i.e. with GH Actions or other CI/CD tools) 414 | ``` 415 | ``` 416 | Explain the differences and use cases between GH Packages and releases 417 | ``` 418 | ## Domain 7: Manage GitHub Packages 419 | 420 | 421 | -------------------------------------------------------------------------------- /study-guides/gh-advanced-security.md: -------------------------------------------------------------------------------- 1 | ![GitHub Advanced Security Study Guide](../images/gh-security.png) 2 | 3 | > You can also find this [study guide in PDF format](https://assets.ctfassets.net/wfutmusr1t3h/4WQrNeENScZlISZKdknVbK/88e6b744c8591f71efef6308483daa4f/github-advanced-security-exam-preparation-study-guide__1_.pdf) 📝 4 | 5 | # GitHub Advanced Security 6 | 7 | Get exam-ready for the GitHub Advanced Security Certification 8 | with our comprehensive study guide. We’ve curated the essential 9 | resources and learning activities to better prepare you for the 10 | exam and boost your chances of success. 11 | 12 | ## Objective Domains 13 | 14 | An objective domain for a certification exam, often referred to as a “domain” or “exam domain,” is a 15 | structured outline or framework that defines the specific knowledge, skills, and topics that the certification 16 | exam will cover. It provides a clear roadmap for what candidates should expect to encounter on the exam 17 | and what they need to study and prepare for. 18 | 19 | The domains provided in this study guide are intended to provide insight into the topic categories covered in 20 | the GitHub Advanced Security exam, along with the learning objective within each domain. 21 | 22 | 23 | Domain Breakdown 24 | 25 | ``` 26 | Domain 1: Describe the GHAS security features and functionality 27 | Domain 2: Configure and use secret scanning 28 | Domain 3: Configure and use dependency management 29 | Domain 4: Configure and use code scanning 30 | Domain 5: Use code scanning with CodeQL 31 | Domain 6: Describe GitHub Advanced Security best practices 32 | Domain 7: Configure GitHub Advanced Security tools in GitHub Enterprise 33 | ``` 34 | 35 | ## Audience Profile 36 | 37 | This exam is designed for experienced professionals in the field of software development and security. This 38 | certification is designed for individuals who have a deep understanding of GitHub and its security features, 39 | as well as hands-on experience in securing software development workflows. 40 | 41 | ## Recommendations and Best Practices for Success 42 | 43 | To increase your chances of success in passing the GitHub Advanced Security exam, candidates should 44 | have a deep understanding of GitHub and its security features, as well as hands-on experience in securing 45 | software development workflows. The recommended learning paths for this exam provide you with an in- 46 | depth study of the learning content, followed by hands-on exercises and preparation assessment questions 47 | that were created to enable you to fine-tune your knowledge and readiness for the certification exam. 48 | 49 | ## Domain 1: Describe the GHAS security features and functionality 50 | ``` 51 | Contrast GHAS features and their role in the security ecosystem 52 | ``` 53 | ``` 54 | Differentiate the security features that come automatically for open source projects, and what features are available 55 | when GHAS is paired with GHEC or GHES 56 | ``` 57 | ``` 58 | Describe the features and benefits of Security Overview 59 | ``` 60 | ``` 61 | Describe the differences between secret scanning and code scanning 62 | ``` 63 | ``` 64 | Describe how secret scanning, code scanning, and Dependabot create a more secure software development life cycle 65 | ``` 66 | ``` 67 | Contrast a security scenario with isolated security review and an advanced scenario, with security integrated into each 68 | step of the software development life cycle 69 | ``` 70 | ``` 71 | Explain and use specific GHAS features 72 | ``` 73 | ``` 74 | Describe how vulnerable dependencies are identified (by looking at the manifest files and comparing with databases of 75 | known vulnerabilities) 76 | ``` 77 | ``` 78 | Explain how to act on alerts from GHAS 79 | ``` 80 | ``` 81 | Explain the implications of ignoring an alert 82 | ``` 83 | ``` 84 | Explain the role of a developer when they discover a security alert 85 | ``` 86 | ``` 87 | Describe the differences in access management to view alerts for different security features 88 | ``` 89 | ``` 90 | Describe a security policy in a GitHub repository 91 | ``` 92 | ``` 93 | Identify where to use Dependabot alerts in the software development lifecycle 94 | ``` 95 | 96 | ## Domain 2: Configure and use secret scanning 97 | 98 | ``` 99 | Enable and use secret scanning 100 | ``` 101 | ``` 102 | Describe secret scanning 103 | ``` 104 | ``` 105 | Choose when secret scanning occurs 106 | ``` 107 | ``` 108 | Contrast secret scanning availability for public and private repositories 109 | ``` 110 | ``` 111 | Enable secret scanning for private repositories 112 | ``` 113 | ``` 114 | Enable secret scanning for an organization 115 | ``` 116 | ``` 117 | Explain how to pick an appropriate response to a secret scanning alert 118 | ``` 119 | ``` 120 | Determine if an alert is generated for a given secret, pattern, or service provider 121 | ``` 122 | ``` 123 | Determine if a given user role will see secret scanning alerts 124 | ``` 125 | 126 | ``` 127 | Customize default secret scanning behavior 128 | ``` 129 | ``` 130 | Configure the recipients of a secret scanning alert (also includes how to provide access to members and teams other 131 | than admins) 132 | ``` 133 | ``` 134 | Describe how to exclude certain files from being scanned for secrets 135 | ``` 136 | ``` 137 | Explain how to enable custom secret scanning for a repository 138 | ``` 139 | ``` 140 | Explain how to enable custom secret scanning for an organization 141 | ``` 142 | ## Domain 3: Configure and use dependency management 143 | 144 | ``` 145 | Describe tools for managing vulnerabilities in dependencies 146 | ``` 147 | ``` 148 | Define a vulnerability 149 | ``` 150 | ``` 151 | Describe Dependabot alerts 152 | ``` 153 | ``` 154 | Describe Dependabot security updates 155 | ``` 156 | ``` 157 | Define the dependency graph 158 | ``` 159 | ``` 160 | Describe how the dependency graph is generated 161 | ``` 162 | ``` 163 | Describe how alerts are generated for vulnerable dependencies (driven from the dependency graph, sourced from the 164 | Github Advisory Database and from WhiteSource) 165 | ``` 166 | 167 | ``` 168 | Enable and configure tools for managing vulnerable dependencies 169 | ``` 170 | ``` 171 | Identify the default settings for Dependabot alerts in public and private repositories 172 | ``` 173 | ``` 174 | Identify the permissions and roles required to enable Dependabot alerts 175 | ``` 176 | ``` 177 | Identify the permissions and roles required to view Dependabot alerts 178 | ``` 179 | ``` 180 | Enable Dependabot alerts for private repositories 181 | ``` 182 | ``` 183 | Enable Dependabot alerts for organizations 184 | ``` 185 | ``` 186 | Create a valid Dependabot configuration file 187 | ``` 188 | ``` 189 | Configure notifications for vulnerable dependencies 190 | ``` 191 | 192 | ``` 193 | Identify and remediate vulnerable dependencies 194 | ``` 195 | ``` 196 | Identify a vulnerable dependency from a Dependabot alert 197 | ``` 198 | ``` 199 | Identify vulnerable dependencies from a pull request 200 | ``` 201 | ``` 202 | Enable Dependabot security updates 203 | ``` 204 | ``` 205 | Remedy a vulnerability from a Dependabot alert in the Security tab (could include updating or removing the dependency) 206 | ``` 207 | ``` 208 | Remedy a vulnerability from a Dependabot alert in the context of a pull request (could include updating or removing the 209 | dependency) 210 | ``` 211 | ``` 212 | Take action on any Dependabot alerts by testing and merging pull requests 213 | ``` 214 | ``` 215 | Use code scanning with third-party tools 216 | ``` 217 | ``` 218 | Enable code scanning for use with a third-party analysis 219 | ``` 220 | ``` 221 | Contrast the steps for using CodeQL versus third party analysis when enabling code scanning 222 | ``` 223 | ``` 224 | Contrast how to implement CodeQL analysis in a GitHub Actions workflow versus a third-party CI tool 225 | ``` 226 | ## Domain 4: Configure and use code scanning 227 | 228 | ``` 229 | Describe and enable code scanning 230 | ``` 231 | ``` 232 | Describe code scanning 233 | ``` 234 | ``` 235 | List the steps for enabling code scanning in a repository using GitHub Actions (i.e. Security tab and click on “set up 236 | code scanning”, set up the GitHub Actions workflow, make any necessary modifications to the workflow) 237 | ``` 238 | ``` 239 | Enable code scanning for use with a CodeQL analysis workflow 240 | ``` 241 | ``` 242 | Describe how code scanning relates to GitHub Actions consumption 243 | ``` 244 | ``` 245 | Configure code scanning 246 | ``` 247 | ``` 248 | Describe how code scanning fits in the software development life cycle 249 | ``` 250 | ``` 251 | Contrast the frequency of code scanning workflows (scheduled versus triggered by events) 252 | ``` 253 | ``` 254 | Choose a triggering event for a given development pattern (for example, in a pull request and for specific files) 255 | ``` 256 | ``` 257 | Edit the default template for Actions workflow to fit an active, open source, production repository 258 | ``` 259 | 260 | ## Domain 5: Use code scanning with CodeQL 261 | ``` 262 | Explain how CodeQL enables code scanning 263 | ``` 264 | ``` 265 | Describe CodeQL 266 | ``` 267 | ``` 268 | Define a QL pack, code query, code suite 269 | ``` 270 | ``` 271 | Describe the default CodeQL query suites 272 | ``` 273 | ``` 274 | Describe how CodeQL analyzes code and produces results, including differences between compiled and interpreted 275 | language 276 | ``` 277 | 278 | ``` 279 | Use CodeQL for code scanning 280 | ``` 281 | ``` 282 | Introduce a CodeQL analysis workflow to a repository 283 | ``` 284 | ``` 285 | List the locations in which CodeQL queries can be specified for use with code scanning 286 | ``` 287 | ``` 288 | Configure the language matrix in a CodeQL workflow 289 | ``` 290 | ``` 291 | Reference a CodeQL query from a public repository within a code scanning workflow 292 | ``` 293 | ``` 294 | Reference a CodeQL query from a private repository within a code scanning workflow 295 | ``` 296 | ``` 297 | Reference a CodeQL query from a local directory within a code scanning workflow 298 | ``` 299 | ``` 300 | Reference a configuration file within the same repository 301 | ``` 302 | ``` 303 | Reference a configuration file in a remote public repository 304 | ``` 305 | ``` 306 | Execute code scanning with the CodeQL command-line interface (CLI), including creating the CodeQL database, 307 | analyzing that database, and posting the SARIF results to GitHub 308 | ``` 309 | ``` 310 | Contrast the steps to execute code scanning in GitHub Actions vs the CodeQL CLI 311 | ``` 312 | ``` 313 | Describe how to triage code scanning results from CodeQL analysis 314 | ``` 315 | ``` 316 | Describe how to view code scanning results from CodeQL analysis 317 | ``` 318 | ``` 319 | Troubleshoot a failing code scanning workflow using CodeQL, including creating or changing a custom configuration in 320 | the CodeQL workflow 321 | ``` 322 | ``` 323 | Follow the data flow through code using the show paths experience 324 | ``` 325 | ``` 326 | Explain the reason for a code scanning alert given documentation linked from the alert 327 | ``` 328 | ``` 329 | Determine if and why a code scanning alert needs to be dismissed 330 | ``` 331 | ``` 332 | Describe potential shortfalls in CodeQL via model of compilation and language support 333 | ``` 334 | ``` 335 | Optimize CodeQL analysis runtimes 336 | ``` 337 | 338 | ## Domain 6: Describe GitHub Advanced Security best practices, results, and how to take corrective measures 339 | 340 | ``` 341 | Use third-party tools with code scanning 342 | ``` 343 | ``` 344 | Explain how to upload 3rd party SARIF results via the SARIF endpoint 345 | ``` 346 | ``` 347 | Explain the purpose of defining a SARIF category 348 | ``` 349 | ``` 350 | Describe GitHub Advanced Security best practices, results, and how to take corrective measures 351 | ``` 352 | ``` 353 | Use a Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) to describe a GitHub 354 | Advanced Security alert and list potential remediation 355 | ``` 356 | ``` 357 | Describe the decision-making process for closing and dismissing security alerts (documenting the dismissal, making a 358 | decision based on data) 359 | ``` 360 | ``` 361 | Determine the roles and responsibilities of development and security teams on a software development workflow 362 | ``` 363 | ``` 364 | Explain how to set a review cadence with security teams, when appropriate 365 | ``` 366 | ``` 367 | Use security policies to instruct all contributors to better secure their repositories 368 | ``` 369 | ``` 370 | Compare the code scanning alert against the repository’s security policy (i.e. should we block merges with unfixed 371 | security vulnerabilities?) 372 | ``` 373 | ``` 374 | Align repository branch protection configuration with written security policies 375 | ``` 376 | 377 | 378 | ``` 379 | GitHub Advanced Security Administration 380 | ``` 381 | ``` 382 | Explain how GitHub Advanced Security features are enabled on GitHub Enterprise Server 383 | ``` 384 | ``` 385 | Explain how GitHub Advanced Security features are enabled for an organization 386 | ``` 387 | ``` 388 | Set security policies for a repository 389 | ``` 390 | ``` 391 | Set security policies for an organization 392 | ``` 393 | ``` 394 | Describe how permissions are interpreted throughout security workflow 395 | ``` 396 | ``` 397 | Locate API endpoints for GHAS features, like secret scanning, code scanning, and dependabot 398 | ``` 399 | ``` 400 | List stakeholders that need to be involved in the security workflows enabled by GHAS, including their role in the 401 | workflow 402 | ``` 403 | ``` 404 | Configure code scanning within a repository or organization using the default CodeQL workflow 405 | ``` 406 | ``` 407 | Identify the custom build steps necessary in a CodeQL workflow 408 | ``` 409 | 410 | 411 | -------------------------------------------------------------------------------- /study-guides/gh-foundations.md: -------------------------------------------------------------------------------- 1 | ![GitHub Foundations Study Guide](../images/gh-foundations.png) 2 | 3 | > You can also find this [study guide in PDF format](https://assets.ctfassets.net/wfutmusr1t3h/1kmMx7AwI4qH8yIZgOmQlP/4e60030cc6c76688698652e830ea2a48/github-foundations-exam-study-guide.pdf) 📝 4 | 5 | # GitHub Foundations 6 | 7 | Get exam-ready for your **GitHub Foundations Certification** with our comprehensive study guide. We’ve curated the essential resources and insights you need to navigate the foundations of GitHub and boost your success with the exam. 8 | 9 | ## Objective Domains 10 | 11 | An objective domain for a certification exam, often referred to as a “domain” or “exam domain,” is a structured outline or framework that defines the specific knowledge, skills, and topics that the certification 12 | exam will cover. It provides a clear roadmap for what candidates should expect to encounter on the exam 13 | and what they need to study and prepare for. 14 | 15 | The domains provided in this study guide are intended to provide insight into the topic categories covered in 16 | the GitHub Foundations exam, along with the learning objective within each domain. 17 | 18 | ``` 19 | Domain Breakdown 20 | ``` 21 | ``` 22 | Domain 1: Introduction to Git and GitHub 23 | ``` 24 | ``` 25 | Domain 2: Working with GitHub Repositories 26 | ``` 27 | ``` 28 | Domain 3: Collaboration Features 29 | ``` 30 | ``` 31 | Domain 4: Modern Development 32 | ``` 33 | ``` 34 | Domain 5: Project Management 35 | ``` 36 | ``` 37 | Domain 6: Privacy, Security, and Administration 38 | ``` 39 | ``` 40 | Domain 7: Benefits of the GitHub Community 41 | ``` 42 | ## Audience Profile 43 | 44 | This exam is targeted towards GitHub users who want to validate their understanding of the foundational 45 | topics, products, and concepts of collaborating, contributing, and working on GitHub. 46 | 47 | ## Recommendations and Best Practices for Success 48 | 49 | To increase your chances of success in passing the GitHub Foundations exam, it’s essential to start with a 50 | solid foundation of basic experience, exposure, and proficiency on GitHub. The recommended learning 51 | paths for this exam provide you with an in-depth study of the learning content, followed by hands-on 52 | exercises and preparation assessment questions that were created to enable you to fine-tune your 53 | knowledge and readiness for the certification exam. 54 | 55 | 56 | ## Domain 1: Introduction to Git and GitHub 57 | 58 | ``` 59 | Git and GitHub Basics 60 | ``` 61 | ``` 62 | Describe version control 63 | ``` 64 | ``` 65 | Define distributed version control 66 | ``` 67 | ``` 68 | Describe Git 69 | ``` 70 | ``` 71 | Describe GitHub 72 | ``` 73 | ``` 74 | Explain the difference between Git and GitHub 75 | ``` 76 | ``` 77 | Describe a GitHub repository 78 | ``` 79 | ``` 80 | Describe a commit 81 | ``` 82 | ``` 83 | Describe branching 84 | ``` 85 | ``` 86 | Define a remote in Git terminology 87 | ``` 88 | ``` 89 | Describe the GitHub flow 90 | ``` 91 | 92 | **GitHub Entities** 93 | 94 | ``` 95 | Describe the different GitHub accounts (personal, organization, enterprise) 96 | ``` 97 | ``` 98 | Describe GitHub’s products for personal accounts (free, pro) 99 | ``` 100 | ``` 101 | Describe GitHub’s products for organization accounts (free for organizations, teams) 102 | ``` 103 | ``` 104 | Describe the different deployment options for GitHub Enterprise 105 | ``` 106 | ``` 107 | Describe the features in the user profile (metadata, achievements, profile readme, repositories, pinned repositories, 108 | stars, etc.) 109 | ``` 110 | 111 | **GitHub Markdown** 112 | 113 | Identify the text formatting toolbar on issue and pull request comments 114 | 115 | Describe Markdown 116 | 117 | Identify the basic formatting syntax (headings, links, task lists, comments, etc.) 118 | 119 | Explain where to find and use slash commands 120 | 121 | **GitHub Desktop** 122 | 123 | ``` 124 | Explain the difference between GitHub Desktop and github.com 125 | ``` 126 | ``` 127 | Describe the available features with GitHub Desktop 128 | ``` 129 | 130 | **GitHub Mobile** 131 | 132 | ``` 133 | Describe the available features with GitHub Mobile 134 | ``` 135 | ``` 136 | Explain how to manage notifications through the GitHub Mobile app 137 | ``` 138 | 139 | ## Domain 2: Working with GitHub Repositories 140 | 141 | ``` 142 | Understanding GitHub Repositories 143 | ``` 144 | ``` 145 | Describe the components of a good README and the recommended repository files (LICENSE, CONTRIBUTING, 146 | CODEOWNERS) 147 | ``` 148 | ``` 149 | Explain basic repository navigation 150 | ``` 151 | ``` 152 | Explain how to create a new repository 153 | ``` 154 | ``` 155 | Describe repository templates 156 | ``` 157 | ``` 158 | Describe the different features to maintaining a repository 159 | ``` 160 | ``` 161 | Describe how to clone a repository 162 | ``` 163 | ``` 164 | Describe how to create a new branch 165 | ``` 166 | ``` 167 | Explain how to add files to a repository 168 | ``` 169 | ``` 170 | Identify how to view repository insights 171 | ``` 172 | ``` 173 | Explain how to save a repository with stars 174 | ``` 175 | ``` 176 | Explain feature previews 177 | ``` 178 | ## Domain 3: Collaboration Features 179 | 180 | ``` 181 | Issues 182 | ``` 183 | ``` 184 | Describe how to link a PR to an issue 185 | ``` 186 | ``` 187 | Describe how to create an issue 188 | ``` 189 | ``` 190 | Describe the difference between an issue, discussion, and pull request 191 | ``` 192 | ``` 193 | Explain how to create a branch from an issue 194 | ``` 195 | ``` 196 | Identify how to assign issues 197 | ``` 198 | ``` 199 | Describe how to search and filter issues 200 | ``` 201 | ``` 202 | Describe how to pin an issue 203 | ``` 204 | ``` 205 | Explain basic issue management 206 | ``` 207 | ``` 208 | Explain the difference between issue templates and issue forms 209 | ``` 210 | ``` 211 | Explain how to use keywords in issues 212 | ``` 213 | 214 | **Pull requests** 215 | ``` 216 | Describe a pull request 217 | ``` 218 | ``` 219 | Explain how to create a new pull request 220 | ``` 221 | ``` 222 | Describe the `base` and `compare` branches in a pull request 223 | ``` 224 | ``` 225 | Explain the relationship of commits on a pull request 226 | ``` 227 | ``` 228 | Describe draft pull requests 229 | ``` 230 | ``` 231 | Describe the purpose of the pull request tabs (conversation, commits, checks, files changed) 232 | ``` 233 | ``` 234 | Identify how to link activity within a pull request 235 | ``` 236 | ``` 237 | Explain the different pull request statuses 238 | ``` 239 | ``` 240 | Recognize how to comment on a posted link to a line or lines of code from a file 241 | ``` 242 | ``` 243 | Describe code review with a codeowners file 244 | ``` 245 | ``` 246 | Explain the different options for providing a code review on a pull request (comment, approve, request changes, suggested changes) 247 | ``` 248 | **Discussions** 249 | ``` 250 | Describe the difference between discussions and issues 251 | ``` 252 | ``` 253 | Explain the options available with discussions (announcements, ideas, polls, Q&A, show and tell) 254 | ``` 255 | ``` 256 | Identify how to mark a comment as an answer to a discussion 257 | ``` 258 | ``` 259 | Explain how to convert a discussion to an issue 260 | ``` 261 | ``` 262 | Recognize how to pin a discussion 263 | ``` 264 | 265 | **Notifications** 266 | 267 | ``` 268 | Describe how to manage notification subscriptions 269 | ``` 270 | ``` 271 | Explain how to subscribe to notification threads 272 | ``` 273 | ``` 274 | Describe how to find threads where you are at-mentioned 275 | ``` 276 | ``` 277 | Identify the notification filtering options 278 | ``` 279 | ``` 280 | Explain the different notification configuration options 281 | ``` 282 | 283 | ``` 284 | Gists, Wikis, and GitHub Pages 285 | ``` 286 | ``` 287 | Explain how to create a GitHub gist 288 | ``` 289 | ``` 290 | Describe how to fork and clone a gist 291 | ``` 292 | ``` 293 | Explain GitHub Wiki pages 294 | ``` 295 | ``` 296 | Describe how to create, edit, and delete wiki pages 297 | ``` 298 | ``` 299 | Explain the visibility of wiki pages 300 | ``` 301 | ``` 302 | Describe GitHub Pages 303 | ``` 304 | ## Domain 4: Modern Development 305 | 306 | ``` 307 | GitHub Actions 308 | ``` 309 | ``` 310 | Describe GitHub Actions (basic understanding) 311 | ``` 312 | ``` 313 | Explain where you can use GitHub Actions within GitHub (general event types) 314 | ``` 315 | ``` 316 | Explain where you can find existing GitHub Actions 317 | ``` 318 | ``` 319 | GitHub Copilot 320 | ``` 321 | ``` 322 | Describe GitHub Copilot 323 | ``` 324 | ``` 325 | Describe the difference between GitHub Copilot for Individuals and GitHub Copilot for Business 326 | ``` 327 | ``` 328 | Explain how to get started using GitHub Copilot 329 | ``` 330 | ``` 331 | GitHub Codespaces 332 | ``` 333 | ``` 334 | Describe GitHub Codespaces 335 | ``` 336 | ``` 337 | Identify how do to start a GitHub codespace 338 | ``` 339 | ``` 340 | Describe the codespace lifecycle 341 | ``` 342 | ``` 343 | Describe the different customizations you can personalize with GitHub Codespaces 344 | ``` 345 | ``` 346 | Recognize how to add and configure dev containers 347 | ``` 348 | ``` 349 | Identify how to share a deep link to a GitHub codespace 350 | ``` 351 | ``` 352 | Explain how to use the github.dev editor 353 | ``` 354 | ``` 355 | Explain the differences between the github.dev editor and a GitHub Codespace 356 | ``` 357 | 358 | ## Domain 5: Project Management 359 | 360 | ``` 361 | Manage your work with GitHub Projects 362 | ``` 363 | ``` 364 | Describe GitHub Projects 365 | ``` 366 | ``` 367 | Explain the layout options for projects 368 | ``` 369 | ``` 370 | Describe the configuration options for projects 371 | ``` 372 | ``` 373 | Explain the difference between projects and projects classic 374 | ``` 375 | ``` 376 | Explain the use of labels 377 | ``` 378 | ``` 379 | Explain the use of milestones 380 | ``` 381 | ``` 382 | Describe how to use and create template repos 383 | ``` 384 | ``` 385 | Explain how to create, edit, and delete saved replies 386 | ``` 387 | ``` 388 | Describe the benefits of using a saved reply 389 | ``` 390 | ``` 391 | Recognize how to add assignees to issues and pull requests 392 | ``` 393 | ``` 394 | Explain how to use project workflows 395 | ``` 396 | ``` 397 | Describe project insights 398 | ``` 399 | ## Domain 6: Privacy, Security, and Administration 400 | 401 | ``` 402 | Authentication and Security 403 | ``` 404 | ``` 405 | Explain how to secure your account with 2FA 406 | ``` 407 | ``` 408 | Describe the different access permissions 409 | ``` 410 | ``` 411 | Explain EMUs (Enterprise Managed Users) 412 | ``` 413 | ``` 414 | GitHub Administration 415 | ``` 416 | ``` 417 | Explain how to enable and disable features 418 | ``` 419 | ``` 420 | Recognize repository permission levels 421 | ``` 422 | ``` 423 | Identify the options for repository visibility 424 | ``` 425 | ``` 426 | Explain repository privacy setting options (branch protections, codeowners, required reviewers) 427 | ``` 428 | ``` 429 | Describe the main features and options in the Security tab 430 | ``` 431 | ``` 432 | Define repository insights 433 | ``` 434 | ``` 435 | Explain how to manage collaborators 436 | ``` 437 | 438 | ## Domain 7: Benefits of the GitHub Community 439 | 440 | ``` 441 | Describe the benefits of the open source community 442 | ``` 443 | ``` 444 | Describe open source 445 | ``` 446 | ``` 447 | Describe GitHub Sponsors 448 | ``` 449 | ``` 450 | Describe how GitHub advances open source projects 451 | ``` 452 | ``` 453 | Identify how to follow people (receive notifications, discover projects in their community) 454 | ``` 455 | ``` 456 | Explain how to follow organizations (receive notifications about their activity) 457 | ``` 458 | ``` 459 | Describe the GitHub Marketplace and its purpose 460 | ``` 461 | ``` 462 | Describe how to apply the benefits of open source 463 | ``` 464 | ``` 465 | Describe InnerSource 466 | ``` 467 | ``` 468 | Identify the differences between InnerSource and open source 469 | ``` 470 | ``` 471 | Describe forking 472 | ``` 473 | ``` 474 | Describe the components of a discoverable repository 475 | ``` 476 | ``` 477 | Describe when to use issue templates 478 | ``` 479 | ``` 480 | Describe when to use pull request templates 481 | ``` 482 | ``` 483 | Explain how to manage organization settings 484 | ``` 485 | ``` 486 | Describe members, teams, and roles in a GitHub organization 487 | ``` 488 | 489 | --------------------------------------------------------------------------------