GitHub Advanced Security Certification Guide

Introduction

This exam is designed for experienced professionals in the field of software development and security. This certification is designed for individuals who have a deep understanding of GitHub and its security features, as well as hands-on experience in securing software development workflows.

The exam is 120 minutes long. The exam consists of around 70 multiple-choice questions, of which only 60 are scored and contribute to your final score. The exam can be taken online (proctored, available through PSI) or in person (available at select testing centers). An official passing score is not provided (my guess is around 70% based on my result). You can reschedule or cancel your exam up to 48 hours before your scheduled exam time. If you fail the exam, you must wait 24 hours before attempting the first retake. After that, you must wait 14 days between each consecutive retake. There is a limit of 5 total attempts.

Passing the exam will grant you the GitHub Advanced Security certification, and a badge and a certificate from Credly. The certification is valid for 3 years.

Exam Topics Percentages
Domain 1: Describe the GHAS security features and functionality 10%
Domain 2: Configure and use secret scanning 10%
Domain 3: Configure and use dependency management 15%
Domain 4: Configure and use code scanning 15%
Domain 5: Use code scanning with CodeQL 20%
Domain 6: Describe GitHub Advanced Security best practices 20%
Domain 7: Configure GitHub Advanced Security tools in GitHub Enterprise 10%

Most of the information about GitHub certification exams is available on the GitHub Certification Program FAQs page.

A results report will be available immediately after completing the exam. It includes an overall score that shows you how many answers you got right, and a breakdown of your score by topic, to help you identify the areas where you need to improve.

Official Material

• Certification Study Guide
• Microsoft Learning Path (This is good)
• GitHub Skills
• Essentials of GitHub Advanced Security
• Intermediate GitHub Advanced Security
• Advanced GitHub Advanced Security

Video Trainings/Tutorials

• GitHub Advanced Security (GHAS) – LinkedIn Learning
  • This is an introductory course.
• GitHub Advanced Security Cert Prep by Microsoft Press – LinkedIn Learning
  • This is a thorough course, very detailed.
• YouTube Videos
  • Achieving DevSecOps with GitHub Advanced Security
  • Github Advanced Security
  • GitHub Advanced Security implemented in 30 minutes #DemoDays
  • Find bugs in your code with CodeQL
  • GitHub Advanced Security Exam Preparation

Practice Tests

• Ghcertified Practice Tests (Free)
• Some more questions (Free)
• Udemy Practice Tests (Paid)

Conclusion

The exam is not difficult, however sound preparation for all topics mentioned in the Certification Study Guide is necessary. It is helping me to harden security for my code. Check out my credentials.