You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Looks like the copy/paste from the course description google doc introduced an extra word in the last bullet: Utilize best practices for to keep sensitive data out of repositories, remove the word for
In the first step we tell them to enable GitHub Pages but we don't tell them why. Should we add a quick sentence to say "this is a fun game deployed using GitHub Pages"? Also, as an aside, I wonder if we should make enabling pages a suggestion at the end instead of a required step in the beginning when it isn't essential to the learning objectives.
You already have an issue open for this, but we should add Step 1: etc to the H1's in the course marking each major new step
In the finding vulnerable dependencies issue, we say GitHub tracks public vulnerabilities in Ruby gems, NPM and Python packages. We should see if there is an evergreen listing somewhere we can link to?
In the same issue - minor typo GitHub receives a notifications of a newly-announced vulnerability.
For this Then, we check for repositories that use the affected version of that dependency. Then, we send security alerts to a set of people within those affected repositories. instead of then ... then, could we say First ... Second or something similar?
The owners are the ones contacted by default. could be The owners are contacted by default
Is it worth noting here that they may also see the big yellow warning on the Code tab? Maybe even drop in a screenshot of it?
In the activity instructions it says On the left hand navigation bar, click Dependencies but the tab is actually called Dependency graph
In the .gitignore instructions, we have this Git uses a file called .gitignore to decide which files and directories to ignore when committing. Keep files containing sensitive data, like configuration or env files, out of your repositories. ... can we add a couple words to the second sentence This helps you keep files ...
Maybe remove "Additionally" here Additionally, the .gitignore file can, and should, be committed into your repository.
Maybe change After committing sensitive data, to If you accidentally committed sensitive data,
I think we can remove this sentence But, a good thing to do now is limit this app's permissions.
Remove But from the beginning of this sentence But from a security perspective, each of these apps has access to some of your data. -- this and the next sentence could be re-worded as Every app installed on your repository has access to some of your data. Even if it is harmless (like me), it is a good idea to periodically check and prune the list of installed apps and integrations on your respositories.
I want you to uninstall me on some of your repositories. I would limit this to this repository or we might encounter a rash of support issues from them uninstalling for another course in progress.
When we talk about restricting the app, I wonder if we should just point them to where they find integrations and services and recommend that they check the list. The instructions given don't actually restrict this app and there are a lot of variables here that could make it messy (e.g. what if this is their only repo? what if they completely uninstall? etc) thoughts?
Utilize best practices for to keep sensitive data out of repositories, remove the wordforStep 1:etc to the H1's in the course marking each major new stepGitHub tracks public vulnerabilities in Ruby gems, NPM and Python packages.We should see if there is an evergreen listing somewhere we can link to?GitHub receives a notifications of a newly-announced vulnerability.Then, we check for repositories that use the affected version of that dependency. Then, we send security alerts to a set of people within those affected repositories.instead of then ... then, could we say First ... Second or something similar?The owners are the ones contacted by default.could beThe owners are contacted by defaultOn the left hand navigation bar, click Dependenciesbut the tab is actually calledDependency graphGit uses a file called .gitignore to decide which files and directories to ignore when committing. Keep files containing sensitive data, like configuration or env files, out of your repositories.... can we add a couple words to the second sentenceThis helps you keep files ...Additionally, the .gitignore file can, and should, be committed into your repository.After committing sensitive data,toIf you accidentally committed sensitive data,But, a good thing to do now is limit this app's permissions.Butfrom the beginning of this sentenceBut from a security perspective, each of these apps has access to some of your data.-- this and the next sentence could be re-worded asEvery app installed on your repository has access to some of your data. Even if it is harmless (like me), it is a good idea to periodically check and prune the list of installed apps and integrations on your respositories.I want you to uninstall me on some of your repositories.I would limit this to this repository or we might encounter a rash of support issues from them uninstalling for another course in progress.