About This Study Plan
This 30-day study plan breaks the GH-SECURITY (Advanced Security) exam preparation into 4 focused study sessions with 16 actionable tasks. The plan covers all 5 exam domains: Describe GHAS, Configure and Use Code Scanning, Configure and Use Secret Scanning, Configure and Use Dependency Management, and GHAS Administration.
Prerequisites
- GitHub and Actions experience
- Basic security awareness
- 1–2 hours per day
Study Schedule
- Days 1–2: GHAS overview, licensing, and enabling features
- Days 3–4: CodeQL basics — setup, supported languages, analysis
- Days 5–6: Code scanning alerts, severity, dismissals, and auto-fix
- Day 7: Set up code scanning on a test repository
- Days 8–9: Secret scanning — patterns, partner alerts, custom patterns
- Days 10–11: Push protection — configuration and bypass scenarios
- Days 12–13: Dependabot alerts, security updates, and dependency review
- Day 14: Dependency graph, SBOM, and advisory database
- Days 15–16: CodeQL advanced — custom queries and query packs
- Days 17–18: Security configurations and org-level enablement
- Days 19–20: Security overview, metrics, and posture management
- Day 21: Private vulnerability reporting and SECURITY.md
- Days 22–23: End-to-end security workflow practice
- Days 24–25: Full practice exam #1 + review
- Days 26–27: Full practice exam #2 + weak areas
- Days 28–30: Feature comparison charts, flashcards, and rest
Study Tips
- Enable GHAS features on a test repo and trigger real alerts.
- Know the alert lifecycle: open → dismissed → fixed — and what triggers each.
- Understand org-level security configurations vs repo-level settings.
Recommended GitHub Study Resources
Supplement this study plan with the GitHub Skills interactive courses at skills.github.com, which provide hands-on practice in real repositories. The official GitHub documentation (docs.github.com) is comprehensive and regularly updated. For Actions certification, study the workflow syntax reference and build at least three different CI/CD pipelines from scratch.