GitHub GH-500 30-, 60-, and 90-day study plan for code security, scanning, policy, review loops, and final-week priorities.
This plan is a compact route for GitHub Advanced Security (GHAS). It assumes you are using TechExamLexicon for concept clarity and the exact IT Mastery page for practice routing.
| Day | Focus | What to do |
|---|---|---|
| Day 1 | Orientation and scope | Read the exam guide overview and official vendor page, then use this study plan to mark the lanes you already know and the lanes that need practice. |
| Day 2 | Code scanning | Understand alerts, SARIF, CodeQL, custom queries, severity, and triage. |
| Day 3 | Secret scanning | Cover detection of exposed tokens, push protection, alert routing, and remediation. |
| Day 4 | Dependency security | Work with Dependabot alerts and updates, dependency review, SBOM concepts, and vulnerability triage. |
| Day 5 | Policy and permissions | Apply organization settings, repository rules, branch protection, security roles, and audit logs. |
| Day 6 | Workflow security | Secure Actions permissions, third-party actions, OIDC, environment protection, and PR trust boundaries. |
| Day 7 | Timed review and scheduling decision | Run a timed practice block, review explanations, update a one-page rule sheet, and verify current vendor facts before scheduling. |