Anthropic-Cybersecurity-Skills/skills/implementing-github-advanced-security-for-code-scanning/assets/template.md

GHAS Code Scanning Implementation Template

Organization Security Configuration

Setting	Value	Notes
Organization	_______________
GHAS License Seats	_______________	Active committers
Default Query Suite	[ ] default [ ] security-extended [ ] security-and-quality
Branch Protection Enabled	[ ] Yes [ ] No
Secret Scanning Enabled	[ ] Yes [ ] No
Push Protection Enabled	[ ] Yes [ ] No
Dependabot Enabled	[ ] Yes [ ] No

Repository Enablement Tracker

Repository	Languages	Setup Type	Scanning Active	Open Alerts	Date Enabled
		[ ] Default [ ] Advanced	[ ] Yes [ ] No
		[ ] Default [ ] Advanced	[ ] Yes [ ] No
		[ ] Default [ ] Advanced	[ ] Yes [ ] No

Custom Query Pack Registry

Pack Name	Version	Description	Target Languages

Alert Severity Gate Configuration

Environment	Block on Critical	Block on High	Block on Medium	Block on Low
Production (main)	[x] Yes	[x] Yes	[ ] Yes	[ ] No
Staging (develop)	[x] Yes	[ ] Yes	[ ] No	[ ] No
Feature branches	[x] Yes	[ ] Yes	[ ] No	[ ] No

Secret Scanning Custom Patterns

Pattern Name	Regex	Description	Alert Enabled	Push Protection
			[ ] Yes [ ] No	[ ] Yes [ ] No

Weekly Security Review Checklist

• Review new critical and high severity alerts
• Check alert dismissal reasons for quality
• Verify new repositories have scanning enabled
• Review Dependabot alerts and merge security updates
• Check secret scanning alerts for exposed credentials
• Update security overview dashboard metrics
• Review MTTR trends and identify bottlenecks

Escalation Matrix

Alert Severity	Response SLA	Escalation Contact	Action Required
Critical	24 hours	Security Lead	Immediate remediation, potential incident
High	72 hours	Team Lead	Prioritize in current sprint
Medium	2 weeks	Developer	Schedule for next sprint
Low	30 days	Developer	Add to backlog