About This Domain
Domain 2 — Configure and Use Code Scanning — accounts for 25% of the GH-SECURITY certification exam. This domain evaluates your understanding of the CodeQL analysis workflow, default vs custom configurations, alert management and triage, and related concepts in CodeQL and code scanning.
What You'll Be Tested On
- CodeQL analysis workflow
- Default vs custom configurations
- Alert management and triage
- Third-party SARIF integration
Key GitHub Features in This Domain
Study Strategy for Domain 2
This domain represents 25% of the total exam, making it a significant scoring area.
Exam Tips for Domain 2
Know how to set up code scanning: default setup (automatic) vs advanced setup (custom workflow).
Frequently Asked Questions
How many questions come from Domain 2?
Domain 2 (Configure and Use Code Scanning) makes up 25% of the GH-SECURITY exam.
What should I focus on for Domain 2?
Key features include Code Scanning.
How should I prepare for Configure and Use Code Scanning questions?
Review key topics, then practice with domain-specific questions focusing on real-world scenarios.
What's the best order to study GH-SECURITY domains?
Start with the highest-weighted domains: Describe GHAS (10%), Configure and Use Code Scanning (25%), Configure and Use Secret Scanning (25%), Configure and Use Dependency Management (25%), GHAS Administration (15%).
Practice Domain 2 Questions
Test your knowledge of Configure and Use Code Scanning with practice questions from our GH-SECURITY question bank.