- Course
Enhance Software Supply Chain Security with Dependency Review (GH-500)
Master GitHub's dependency security: dependency graph, SBOM, Dependabot alerts/rules, and Dependency Review Action. Essential for GH-500 Domain 3 and production security teams.
What you'll learn
Modern applications rely on hundreds of third-party dependencies, each representing a potential attack vector. In this course, Enhance Software Supply Chain Security with Dependency Review (GH-500), you'll gain practical skills that serve two goals: passing the GH-500 certification exam and securing real-world software supply chains.
First, you'll explore supply chain security fundamentals through the lens of actual breaches (SolarWinds, Log4Shell, event-stream). Next, you'll master GitHub's dependency review feature to catch vulnerable packages during code review—before they reach production. Then, you'll configure Dependabot alerts with auto-triage rules and grouped security updates to manage vulnerabilities at scale.
The enhanced cert-aligned modules dive deep into how GitHub's dependency security actually works: dependency graph generation, SBOM exports in SPDX format, and the alert lifecycle from Advisory Database to remediation. You'll build production-ready workflows using the Dependency Review Action with license compliance and severity thresholds.
When you're finished, you'll have both the conceptual knowledge for GH-500 Domain 3 (35% of exam weight) and the hands-on skills to dramatically reduce your organization's supply chain risk.