Previous

Next

Knowledge check

Completed

Choose the best response for each question, then select Check your answers.

Check your knowledge

1.

What's the best way to make sure you're integrating the most secure versions of your project dependencies?

Configure your package files to always use the latest versions of dependencies.

Check each project's security details closely before adding it to your dependencies by confirming its version status across multiple advisory sites.

Enable Dependabot for your repository.

2.

Suppose one of your source projects relies on secrets kept in a folder called .secrets. You would like to make sure that the files kept in this folder on development machines aren't inadvertently committed to the repository. Which of these files best helps enforce this policy?

SECURITY.md

.gitignore

CONTRIBUTING.md

3.

What does secret scanning do?

Looks for known secrets or credentials committed within the repository.

Analyzes and finds security vulnerabilities and errors in the code in a GitHub repository.

Secret scanning uses CodeQL to query your code as data.

You must answer all questions before checking your work.

Continue