GitHub Foundations: Essential Skills for Aspiring DevSecOps Professionals

To become a capable and trusted DevOps or DevSecOps professional, mastering GitHub basics is critical, my BCS, The Chartered Institute for IT DevSecOps mentor reminded me. With over 100 million developers and 330 million repositories, GitHub offers a platform for version control and collaboration with a vibrant community, and it's clear why this is essential. This article shares my experience from completing the official "GitHub Foundations Learning Path" on Microsoft Learn, offering insights for early developers, DevOps, and DevSecOps professionals.

Key Topics GitHub Key Concepts & Flow Overview

• Git Terminology: Mastering Git starts with understanding its terminology. Key concepts like the working tree, repositories, commits, branches, and pull requests are essential. I learned how these elements work together to manage and track project changes effectively. You can do the same here: Introduction to Git.
• Branch Workflow: The GitHub flow encourages maintaining the integrity of the main branch while allowing experimentation and development in separate branches. I learned how this workflow ensures that changes are tested and reviewed before being merged, which is essential for maintaining stable and reliable codebases in production environments. You can do the same here: Introduction to GitHub.

Security Practices

• Securing Code: The course highlighted the importance of securing code right from its inception. Techniques such as using .gitignore to exclude sensitive data, scanning for secrets, and utilising branch protection rules all help safeguard code.
• Security Policies: Creating a SECURITY.md file is a proactive approach to engaging with the community responsibly. It allows you to specify a framework for secure and constructive contributions by guiding how vulnerabilities should be reported and handled.

This module guided me through the tools and features needed to develop and implement a secure development strategy, as well as maintain repositories securely using best practices. You can do the same here: Maintain a secure repository by using GitHub best practices.

Contributing to Open Source

• Making Contributions: Taking on open source tickets is a great way to gain practical experience, build skills, expand portfolios, and positively engage with the community through giving.
• How to Start: I started by identifying tasks, exploring issues, and using GitHub's search and labels features. I found a DevOps project that needed help, reached out, and my offer to assist was accepted. I’m building my skills while helping a more experienced developer complete his project—a win-win situation. This module guided me through finding the right project, creating the pull request, and following best practices in communication and code review. You can do the same here: Contribute to an open-source project on GitHub.

GitHub Foundations Learning Path

The modules are bite-sized, with overviews and practical exercises/labs. They can be done in any order, but I found it helpful to tackle them sequentially as the elements are built up over the course. The practical exercises are awesome, providing step-by-step guidance and a sandbox to experiment. I’ve found following up on the exercises with independent practical projects is a great way to solidify and extend learning.

Key Takeaways from My Experience

• Community: GitHub is as much about people as it is about code. It's brimming with innovation, passion, vision, roadmaps, and the current construction of the future of software. It's people who make GitHub. Building connections can lead to open-source experience, mentorships, collaborations, and even job opportunities.
• Communication is Key: Unlocking GitHub's value comes from effective communication. From etiquette to writing readable Markdown and following contribution protocols, learning the vocabulary and how to communicate opens many doors.
• Security First: Secure coding practices should start at the beginning of a GitHub journey. This protects not only our projects but also the users of our software. The tools are integrated and worth learning.

Conclusion

Completing the GitHub Foundations Learning Path has been a valuable journey, helping me solidify my understanding of the platform's tools and features. I appreciate the immense value these tools bring, allowing me to effectively contribute to open-source projects and better understand how I can make a meaningful impact in organisations ranging from finance to security. Every line of code I write now represents a step toward mastering this powerful platform, equipping me with skills to become a trusted member of any team.

I’m looking forward to completing more projects using these skills. I have already started my automation journey using GitHub Actions.?

I really recommend the GitHub Foundations course if you feel there might be gaps,? or updates needed to your knowledge. Equally if you are starting from scratch, this is a great investment of your time. You can complete it for free here: GitHub Foundation Learning Path.

Let me know what you think, about your experience, what’s been useful for you and what hasn’t. Connect and join the conversation!