What YAML syntax do you use to exclude certain files from secret scanning?
Which Dependabot configuration fields are required? (Each answer presents part of the solution. Choose three.)
When using CodeQL, how does extraction for compiled languages work?
Which of the following options are code scanning application programming interface (API) endpoints? (Each answer presents part of the solution. Choose two.)
When secret scanning detects a set of credentials on a public repository, what does GitHub do?
As a developer, you need to configure a code scanning workflow for a repository where GitHub Advanced Security is enabled. What minimum repository permission do you need?
Where can you view code scanning results from CodeQL analysis?
You are a maintainer of a repository and Dependabot notifies you of a vulnerability. Where could the vulnerability have been disclosed? (Each answer presents part of the solution. Choose two.)
Which CodeQL query suite provides queries of lower severity than the default query suite?
Which alerts do you see in the repository's Security tab? (Each answer presents part of the solution. Choose three.)
A secret scanning alert should be closed as "used in tests" when a secret is:
What do you need to do before you can define a custom pattern for a repository?
When using the advanced CodeQL code scanning setup, what is the name of the workflow file?
Which of the following information can be found in a repository's Security tab?
What does a CodeQL database of your repository contain?
Which of the following is the best way to prevent developers from adding secrets to the repository?
When does Dependabot alert you of a vulnerability in your software development process?
How many alerts are created when two instances of the same secret value are in the same repository?
Which of the following statements best describes secret scanning push protection?
Where can you use CodeQL analysis for code scanning? (Each answer presents part of the solution. Choose two.)
What role is required to change a repository's code scanning severity threshold that fails a pull request status check?
Assuming there is no custom Dependabot behavior configured, where possible, what does Dependabot do after sending an alert about a vulnerable dependency in a repository?