Certification

GitHub Advanced Security

This exam is designed for experienced professionals in the field of software development and security. This certification is designed for individuals who have a deep understanding of GitHub and its security features, as well as hands-on experience in securing software development workflows.

At a glance

Level

Intermediate
Product

GitHub
Role

Administrator Developer DevOps Engineer Solution Architect Student
Subject

DevOps
Last Updated

05/04/2026

Overview

Candidates for this exam have experience using GitHub Advanced Security (GHAS) to secure code, secrets, and dependencies across the software development lifecycle. They can configure security features, triage and remediate alerts, and apply prevention-first practices using policies, workflows, and automation. Candidates are familiar with GitHub fundamentals, CI/CD, and secure development concepts.

EXAM SANDBOX
Experience demo
Experience the look and feel of the exam before taking it. You'll be able to interact with different question types in the same user interface you'll use during the exam.

Launch the sandbox

Important

This exam is provided by Microsoft, but the exam and associated certification are maintained by GitHub. Learn more about GitHub’s privacy policy.

Skills earned upon completion

Prepare for the exam

Hide completed

Practice for the exam

Practice Assessment

Assess your knowledge

Practice assessments provide you with an overview of the style, wording, and difficulty of the questions you're likely to experience on the exam. Through these assessments, you're able to assess your readiness, determine where additional preparation is needed, and fill knowledge gaps bringing you one step closer to the likelihood of passing your exam.

Take the practice assessment

Take the exam

You will have 100 minutes to complete this assessment.

Exam policy

This exam will be proctored. You may have interactive components to complete as part of this exam. To learn more about exam duration and experience, visit: Exam duration and exam experience.

If you fail a certification exam, don’t worry. You can retake it 24 hours after the first attempt. For subsequent retakes, the amount of time varies. For full details, visit: Exam retake policy.

Assessed on this exam

Domain 1: Describe GitHub Security Suites, Features, and Ecosystem (15–20%)
Domain 2: Configure and Use Secret Protection (formerly secret scanning) (15–20%)
Domain 3: Configure and Use Supply Chain Security (formerly Dependabot/Dependency Review) (15–20%)
Domain 4: Configure and Use Code Security (formerly Code Scanning with CodeQL) (10–15%)
Domain 5: Security Operations: Best Practices, Prioritization, and Remediation (15–20%)
Domain 6: GitHub Security Suites Administration (10–15%)

Need accommodations?

We offer a variety of accommodations to support you.

Learn More

This exam is offered in the following languages:

English, Spanish, Portuguese (Brazil), Korean, Japanese

Schedule through Pearson Vue

Schedule exam

We strongly recommend that you register for an exam with a personal MSA account. If you register with an organizational (work/school) AAD account, your exam records will be lost if you leave your organization and they will be unrecoverable.

Price based on the country or region in which the exam is proctored.

Certification resources

Exam GH-500 study guide

Focus your studies as you prepare for the exam. Review the study guide to learn about the topics the exam covers, updates, and additional resources.

Certification poster

Check out an overview of fundamentals, role-based, and specialty certifications.

Exam Replay

Boost your odds of success with this great offer.

Support for credentials

Get help through Microsoft Credentials support forums. A forum moderator will respond in one business day, Monday–Friday.

Choose your Microsoft Credential

Microsoft Applied Skills or Microsoft Certifications? Choose the path that fits your career goals, desired skillset, and schedule.