About This Study Plan

This 7-day study plan breaks the GH-SECURITY (Advanced Security) exam preparation into 7 focused study sessions with 28 actionable tasks. The plan covers all 5 exam domains — Describe GHAS, Configure and Use Code Scanning, Configure and Use Secret Scanning, Configure and Use Dependency Management, GHAS Administration — ensuring complete coverage. Intensive 7-day review for the GitHub Advanced Security certification covering code scanning, secret scanning, supply chain security, and security policies.

7Study Sessions

28Total Tasks

5Domains Covered

Prerequisites

GitHub Actions experience
Application security fundamentals
4–6 hours per day

Study Schedule

Day 1GitHub Advanced Security Overview

GHAS features: code scanning, secret scanning, Dependabot, supply chain
GHAS licensing: which features are free vs GHAS-required
Security overview dashboard and org-level security posture
Enabling GHAS features at repo and org level

Day 2Code Scanning & CodeQL

CodeQL: what it is, supported languages, and how it works
Setting up code scanning with default and advanced setups
CodeQL queries: structure, packs, and custom queries
Interpreting code scanning alerts and dismissal reasons

Day 3Secret Scanning

Secret scanning: supported patterns and partner programs
Push protection: blocking secrets before they are committed
Custom secret scanning patterns (regex)
Alert management: revoking, resolving, and audit trail

Day 4Supply Chain Security

Dependabot alerts, security updates, and version updates
Dependency graph and SBOM (Software Bill of Materials)
Dependency review action for PRs
Advisory database, security advisories, and CVE process

Day 5Security Policies & Governance

Security policies: SECURITY.md and private vulnerability reporting
Repository security settings and required workflows
Organization security configurations and enablement
Compliance: audit logs, data residency, and regulatory needs

Day 6Practice Exam

Take a full practice exam
Review all incorrect answers
Focus on CodeQL setup and alert management
Review supply chain security scenarios

Day 7Final Review

GHAS feature comparison chart
CodeQL workflow YAML reference
Secret scanning patterns list
Rest before exam

Study Tips

💡

Know which features require GHAS license vs which are free for public repos.

💡

CodeQL is central — understand the workflow setup and query structure.

💡

Push protection for secrets is heavily tested — know how it works and override scenarios.

Recommended GitHub Study Resources

Supplement this study plan with the GitHub Skills interactive courses at skills.github.com, which provide hands-on practice in real repositories. The official GitHub documentation (docs.github.com) is comprehensive and regularly updated. For Actions certification, study the workflow syntax reference and build at least three different CI/CD pipelines from scratch.