A.  

Push protection

B.  

Validity checks

C.  

Branch protection

D.  

Custom patterns

A.  

rebase-strategy

B.  

commit-message

C.  

assignees

D.  

package-ecosystem

A.  

Push protection must be enabled for all, or none, of a repository's custom patterns.

B.  

Push protection is an opt-in experience for each custom pattern.

C.  

Push protection is not available for custom patterns.

D.  

Push protection is enabled by default for new custom patterns.​

A.  

The security impact of these changes

B.  

An easily understandable visualization of dependency change

C.  

How many projects use these components

D.  

A brief description of the vulnerability

A.  

Creating a pull request to resolve the vulnerability that will be approved and merged

B.  

Viewing the Dependabot alert on the Dependabot alerts tab of your repository

C.  

Viewing the dependency graph

D.  

Leaving the repository in its current state

A.  

Process alerts

B.  

Analyze code

C.  

Upload scan results

D.  

Install the CLI

E.  

Write queries

A.  

Create a CODEOWNERS file

B.  

Make the repository public

C.  

Configure a security manager

D.  

Enable push protection

A.  

It notifies the service provider who issued the secret.

B.  

It displays a public alert in the Security tab of the repository.

C.  

It scans the contents of the commits for additional secrets.

D.  

It sends a notification to repository members.

A.  

Provide a regular expression for the format of your secret pattern.

B.  

Add a secret scanning custom pattern.

C.  

Enable secret scanning on the repository.

D.  

Provide match requirements for the secret format.​

Stack Overflow

A.  

The repository must be private.

B.  

Secret scanning must be enabled on the repository.

C.  

Developers must actively maintain the repository.

D.  

The workflow file must exist in that branch.

A.  

- '/*.md'

B.  

- '/*.txt'

C.  

paths:

D.  

paths-ignore:

E.  

- 'docs/*.md'

A.  

Dependencies parsed from a repository's manifest and lock files.

B.  

Annotated code scanning alerts from your repository's dependencies.

C.  

A summary of the dependencies used in your organization's repositories.

D.  

Dependencies from all your repositories.

A.  

Users who have the Triage role within the repository

B.  

Users who have Read permissions within the repository

C.  

Users who have Write access to the repository

D.  

Users who have the security manager role within the repository​

A.  

In a third-party Git repository

B.  

In a workflow

C.  

In an external continuous integration (CI) system

D.  

In the Files changed tab of the pull request

A.  

Maintain

B.  

Admin

C.  

Triage

D.  

Write​

A.  

Automated pull requests that help you update dependencies that have known vulnerabilities

B.  

Automated pull requests that keep your dependencies updated, even when they don’t have any vulnerabilities

C.  

Automated pull requests to update the manifest to the latest version of the dependency

D.  

Compatibility scores to let you know whether updating a dependency could cause breaking changes to your project

A.  

Creates a pull request to upgrade the vulnerable dependency to the minimum possible secure version

B.  

Scans repositories for vulnerable dependencies on a schedule and adds those files to a manifest

C.  

Constructs a graph of all the repository's dependencies and public dependents for the default branch

D.  

Scans any push to all branches and generates an alert for each vulnerable repository

A.  

github/codeql-go/ql/src@main

B.  

github/codeql/cpp/ql/src@main

C.  

security-extended

A.  

Disable Dependabot alerts for all repositories owned by your organization

B.  

Fork the branch and deploy the new fork

C.  

Update the vulnerable dependencies before the branch is merged

D.  

Deploy the code to your default branch

A.  

The secret format

B.  

The name of the pattern

C.  

A list of repositories to scan

D.  

Additional match requirements for the secret format

A.  

Maintain

B.  

Write

C.  

Triage

D.  

Admin

A.  

support.md

B.  

readme.md

C.  

contributing.md

D.  

security.md