Security and Administration Questions

What do branch protection rules allow repository administrators to enforce?

For personal use of the GitHub REST API, which credential does GitHub recommend creating when possible?

A security team wants to use an SSH key with resources owned by an organization that enforces SAML single sign-on. What extra step is required?

A company uses SAML single sign-on for an organization. A developer already has a personal access token but still cannot use it against that organizat...

What is true about a passkey on GitHub?

What is the main limitation of GITHUB_TOKEN in a GitHub Actions workflow by default in this context?

An organization wants an integration to access the API on behalf of users or the organization with more controlled permissions. What does GitHub recom...

A developer uses Git over HTTPS to GitHub from the command line. What should they enter when Git prompts for a password?

A maintainer needs to discuss and fix a security vulnerability in a public repository before publicly alerting users. Which feature supports that work...

Before merging a pull request that changes dependencies, which feature helps you review the impact and spot vulnerable versions?

Which GitHub feature blocks a push when hardcoded credentials are detected?

An organization wants a high-level view of security trends, risky repositories, and overall security status. Which feature should it use?

Which feature alerts you to vulnerable dependencies and can create pull requests to update them?

On GitHub Free, GitHub Pro, or GitHub Team, when are artifact attestations available?

Which feature automatically detects security vulnerabilities and coding errors in new or modified code so you can fix them before merge?