Practice vocabulary for GitHub security features including Dependabot, secret scanning, GHAS, code scanning alerts, and branch protection rules.
1 / 5
The GitHub feature that automatically opens pull requests to update vulnerable dependencies is called _____.
Dependabot monitors your dependency files and automatically opens pull requests to update packages with known vulnerabilities, reducing exposure to supply-chain attacks.
2 / 5
A 'secret scanning alert' on GitHub means that _____.
GitHub's secret scanning detects accidentally committed credentials (API keys, tokens, passwords) and alerts the team so the secret can be rotated immediately.
3 / 5
GHAS stands for _____ and provides code scanning, secret scanning, and dependency review.
GitHub Advanced Security (GHAS) is a suite of security features — including CodeQL-powered code scanning, secret scanning, and dependency review — available for enterprise and public repositories.
4 / 5
When a code scanning alert is marked as a 'false positive', it means _____.
A false positive is a security alert where the tool incorrectly identified a vulnerability — the code is flagged but is safe in practice, so the alert can be dismissed with a documented rationale.
5 / 5
Branch protection rules on the main branch are typically configured to _____.
Branch protection rules enforce policies such as required reviews, passing CI checks, and blocking force-pushes — protecting the main branch from accidental or malicious overwrites.