Skip to content

Commit

Permalink
add new GHAS questions
Browse files Browse the repository at this point in the history
  • Loading branch information
garysassano committed Jan 8, 2024
1 parent 1c11c7c commit 474bd16
Show file tree
Hide file tree
Showing 9 changed files with 108 additions and 0 deletions.
12 changes: 12 additions & 0 deletions content/questions/advanced_security/question-042.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
---
archetype: "questions"
title: "Question 042"
question: "Which of these statements isn't true about secret scanning on GitHub?"
draft: false
---

> https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning
1. [x] Secret scanning is a tool for secure secret storage and management.
1. [ ] Secret scanning will scan your entire Git history on all branches present in your GitHub repository for secrets.
1. [ ] Secret scanning will scan titles, descriptions, and comments, in open and closed historical issues.
1. [ ] Secret scanning can prevent supported secrets from being pushed into your enterprise, organization, or repository.
12 changes: 12 additions & 0 deletions content/questions/advanced_security/question-043.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
---
question: "Which top-level keys are required in the `dependabot.yml` file?"
archetype: "questions"
title: "Question 043"
draft: false
---

> https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#about-the-dependabotyml-file
1. [x] `version` and `updates`
2. [ ] `version` and `package-ecosystem`
3. [ ] `assignees` and `directory`
4. [ ] `updates` and `directory`
12 changes: 12 additions & 0 deletions content/questions/advanced_security/question-044.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
---
question: "Which GitHub Actions can be used to upload a third-party SARIF file?"
archetype: "questions"
title: "Question 044"
draft: false
---

> https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github#uploading-a-code-scanning-analysis-with-github-actions
1. [x] `upload-sarif`
2. [ ] `codeql-upload-sarif`
2. [ ] `github/codeql-action`
3. [ ] `actions/upload-sarif`
12 changes: 12 additions & 0 deletions content/questions/advanced_security/question-045.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
---
question: "Which of the following tools can be used for code analysis in a third-party CI system to upload results to GitHub?"
archetype: "questions"
title: "Question 045"
draft: false
---

> https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system#about-using-code-scanning-with-your-existing-ci-system
1. [x] CodeQL CLI
2. [ ] CodeQL API
2. [ ] GitHub Actions `github/codeql-action`
3. [ ] GitHub CLI
12 changes: 12 additions & 0 deletions content/questions/advanced_security/question-046.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
---
question: "What is required for a CI server to upload results to GitHub?"
archetype: "questions"
title: "Question 046"
draft: false
---

> https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system#generating-a-token-for-authentication-with-github
1. [x] A GitHub App or personal access token with `security_events` write permission.
2. [ ] A direct connection to the GitHub Advisory Database.
2. [ ] Administrator access to the GitHub repository.
3. [ ] A special plugin installed in the CI system.
12 changes: 12 additions & 0 deletions content/questions/advanced_security/question-047.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
---
question: "In the context of uploading SARIF results to GitHub, what happens when a second SARIF results file is uploaded for a commit?"
archetype: "questions"
title: "Question 047"
draft: false
---

> https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system#generating-a-token-for-authentication-with-github
1. [x] It replaces the original set of data.
2. [ ] It appends the results to the existing file.
2. [ ] It creates a new branch in the repository
3. [ ] It is ignored by GitHub.
12 changes: 12 additions & 0 deletions content/questions/advanced_security/question-048.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
---
question: "How can users exclude specific directories from secret scanning alerts on GitHub?"
archetype: "questions"
title: "Question 048"
draft: false
---

> https://docs.github.com/en/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories#excluding-directories-from-secret-scanning-alerts-for-users
1. [x] By configuring a `secret_scanning.yml` file, under the `.github` path in the repository.
2. [ ] Through the repository's `Security` tab, in the `Secret scanning` menu.
2. [ ] Through the repository's `Settings` tab, in the `Code security and analysys` menu.
3. [ ] By editing the repository's `README.md` file.
12 changes: 12 additions & 0 deletions content/questions/advanced_security/question-049.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
---
question: "What YAML syntax should be used in a `secret_scanning.yml` file to exclude directories from secret scanning alerts in GitHub?"
archetype: "questions"
title: "Question 049"
draft: false
---

> https://docs.github.com/en/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories#excluding-directories-from-secret-scanning-alerts-for-users
1. [x] `paths-ignore:`
2. [ ] `paths-exclude:`
3. [ ] `ignore-directories`
4. [ ] `exclude-paths:`
12 changes: 12 additions & 0 deletions content/questions/advanced_security/question-050.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
---
question: "What is the maximum number of custom patterns that can be defined for secret scanning on GitHub?"
archetype: "questions"
title: "Question 050"
draft: false
---

> https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#about-custom-patterns-for-secret-scanning
1. [x] 500 for organizations/enterprises and 100 for repositories.
2. [ ] 100 for organizations/enterprises and 500 for repositories.
3. [ ] 100 for both organizations/enterprises and repositories.
4. [ ] There's no limit to the number of custom patterns you can define for secret scanning in GitHub.

0 comments on commit 474bd16

Please sign in to comment.