📅 90-Day GitHub Advanced Security Study Plan

Comprehensive 90-day plan for the GitHub Advanced Security certification.

About This Study Plan

This 90-day study plan breaks the GH-SECURITY (Advanced Security) exam preparation into 3 focused study sessions with 12 actionable tasks. The plan covers all 5 exam domains (Describe GHAS, Configure and Use Code Scanning, Configure and Use Secret Scanning, Configure and Use Dependency Management, GHAS Administration), ensuring complete coverage.

  • 3 Study Sessions
  • 12 Total Tasks
  • 5 Domains Covered

Prerequisites

  • GitHub user experience
  • Interest in application security
  • 30–60 minutes per day

Study Schedule

Month 1: Security Fundamentals
  • Weeks 1–2: Application security basics — OWASP Top 10, vulnerability types
  • Week 3: GitHub security features overview and GHAS licensing
  • Week 4: Code scanning setup, CodeQL basics, and alert interpretation
  • End of month: Set up GHAS on a practice repository
Month 2: Deep Dive Features
  • Week 5: CodeQL advanced — custom queries, packs, and third-party tools
  • Week 6: Secret scanning — patterns, push protection, and custom patterns
  • Week 7: Supply chain — Dependabot, dependency graph, SBOM, advisories
  • Week 8: Security policies, governance, and org-level configuration
Month 3: Integration & Exam Prep
  • Week 9: End-to-end workflows — PR checks, blocking merges, and remediation
  • Week 10: Security overview dashboard and metrics for leadership
  • Week 11: Practice exam #1 + review
  • Week 12: Practice exam #2, feature comparison drills, and final prep

Study Tips

  • This cert requires both security knowledge AND GitHub platform knowledge.
  • Practice interpreting real CodeQL alerts and understanding fix recommendations.
  • Supply chain security is increasingly important — know the full Dependabot ecosystem.

Recommended GitHub Study Resources

Supplement this study plan with the GitHub Skills interactive courses at skills.github.com, which provide hands-on practice in real repositories. The official GitHub documentation (docs.github.com) is comprehensive and regularly updated. For Actions certification, study the workflow syntax reference and build at least three different CI/CD pipelines from scratch.
