-
Notifications
You must be signed in to change notification settings - Fork 151
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
1c11c7c
commit 7110142
Showing
9 changed files
with
108 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| --- | ||
| archetype: "questions" | ||
| title: "Question 042" | ||
| question: "Which of these isn't true about secret scanning?" | ||
| draft: false | ||
| --- | ||
|
|
||
| > https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning | ||
| 1. [x] Secret scanning is a tool for secure secret storage and management. | ||
| 1. [ ] Secret scanning will scan your entire Git history on all branches present in your GitHub repository for secrets. | ||
| 1. [ ] Secret scanning will scan titles, descriptions, and comments, in open and closed historical issues. | ||
| 1. [ ] Secret scanning can prevent supported secrets from being pushed into your enterprise, organization, or repository. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| --- | ||
| question: "Which top-level keys are required in the `dependabot.yml` file?" | ||
| archetype: "questions" | ||
| title: "Question 043" | ||
| draft: false | ||
| --- | ||
|
|
||
| > https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#about-the-dependabotyml-file | ||
| 1. [x] `version` and `updates` | ||
| 2. [ ] `version` and `package-ecosystem` | ||
| 3. [ ] `assignees` and `directory` | ||
| 4. [ ] `updates` and `directory` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| --- | ||
| question: "Which GitHub Actions can be used to upload a third-party SARIF file?" | ||
| archetype: "questions" | ||
| title: "Question 044" | ||
| draft: false | ||
| --- | ||
|
|
||
| > https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github#uploading-a-code-scanning-analysis-with-github-actions | ||
| 1. [x] `upload-sarif` | ||
| 2. [ ] `codeql-upload-sarif` | ||
| 2. [ ] `github/codeql-action` | ||
| 3. [ ] `actions/upload-sarif` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| --- | ||
| question: "Which of the following tools can be used for code analysis in a third-party CI system to upload results to GitHub?" | ||
| archetype: "questions" | ||
| title: "Question 045" | ||
| draft: false | ||
| --- | ||
|
|
||
| > https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system#about-using-code-scanning-with-your-existing-ci-system | ||
| 1. [x] CodeQL CLI | ||
| 2. [ ] CodeQL API | ||
| 2. [ ] GitHub Actions `github/codeql-action` | ||
| 3. [ ] GitHub CLI |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| --- | ||
| question: "What is required for a CI server to upload results to GitHub?" | ||
| archetype: "questions" | ||
| title: "Question 046" | ||
| draft: false | ||
| --- | ||
|
|
||
| > https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system#generating-a-token-for-authentication-with-github | ||
| 1. [x] A GitHub App or personal access token with `security_events` write permission. | ||
| 2. [ ] A direct connection to the GitHub Advisory Database. | ||
| 2. [ ] Administrator access to the GitHub repository. | ||
| 3. [ ] A special plugin installed in the CI system. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| --- | ||
| question: "In the context of uploading SARIF results to GitHub, what happens when a second SARIF results file is uploaded for a commit?" | ||
| archetype: "questions" | ||
| title: "Question 047" | ||
| draft: false | ||
| --- | ||
|
|
||
| > https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system#generating-a-token-for-authentication-with-github | ||
| 1. [x] It replaces the original set of data. | ||
| 2. [ ] It appends the results to the existing file. | ||
| 2. [ ] It creates a new branch in the repository | ||
| 3. [ ] It is ignored by GitHub. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| --- | ||
| question: "How can users exclude specific directories from secret scanning alerts in GitHub?" | ||
| archetype: "questions" | ||
| title: "Question 048" | ||
| draft: false | ||
| --- | ||
|
|
||
| > https://docs.github.com/en/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories#excluding-directories-from-secret-scanning-alerts-for-users | ||
| 1. [x] By configuring a `secret_scanning.yml` file, under the `.github` path in the repository. | ||
| 2. [ ] Through the repository's `Security` tab, in the `Secret scanning` menu. | ||
| 2. [ ] Through the repository's `Settings` tab, in the `Code security and analysys` menu. | ||
| 3. [ ] By modifying the project's `README.md` file. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| --- | ||
| question: "What YAML syntax should be used in a `secret_scanning.yml` file to exclude directories from secret scanning alerts in GitHub?" | ||
| archetype: "questions" | ||
| title: "Question 049" | ||
| draft: false | ||
| --- | ||
|
|
||
| > https://docs.github.com/en/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories#excluding-directories-from-secret-scanning-alerts-for-users | ||
| 1. [x] `paths-ignore:` | ||
| 2. [ ] `paths-exclude:` | ||
| 3. [ ] `ignore-directories` | ||
| 4. [ ] `exclude-paths:` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| --- | ||
| question: "What is the maximum number of custom patterns that can be defined for secret scanning in GitHub?" | ||
| archetype: "questions" | ||
| title: "Question 050" | ||
| draft: false | ||
| --- | ||
|
|
||
| > https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#about-custom-patterns-for-secret-scanning | ||
| 1. [x] 500 for organizations/enterprises and 100 for repositories | ||
| 2. [ ] 500 for repositories and 100 for organizations/enterprises | ||
| 3. [ ] 100 for both organizations/enterprises and repositories | ||
| 4. [ ] There's no limit to the number of custom patterns you can define for secret scanning. |