This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Choose the best response for each question,
What's the best way to make sure you're integrating the most secure versions of your project dependencies?
Configure your package files to always use the latest versions of dependencies.
Check each project's security details closely before adding it to your dependencies by confirming its version status across multiple advisory sites.
Enable Dependabot for your repository.
Suppose one of your source projects relies on secrets kept in a folder called .secrets. You would like to make sure that the files kept in this folder on development machines aren't inadvertently committed to the repository. Which of these files best helps enforce this policy?
.secrets
SECURITY.md
.gitignore
CONTRIBUTING.md
What does secret scanning do?
Looks for known secrets or credentials committed within the repository.
Analyzes and finds security vulnerabilities and errors in the code in a GitHub repository.
Secret scanning uses CodeQL to query your code as data.
You must answer all questions before checking your work.
Was this page helpful?