{"id":5523,"date":"2025-07-24T12:37:48","date_gmt":"2025-07-24T12:37:48","guid":{"rendered":"https:\/\/techhub.saworks.io\/docs\/tutoriel-github\/securite-avancee-sur-github-partie-1-sur-2\/comment-utiliser-ghas-pour-un-impact-maximal\/"},"modified":"2025-09-09T10:17:45","modified_gmt":"2025-09-09T10:17:45","slug":"comment-utiliser-ghas-pour-un-impact-maximal","status":"publish","type":"docs","link":"https:\/\/techhub.saworks.io\/fr\/docs\/tutoriel-github\/securite-avancee-sur-github-partie-1-sur-2\/comment-utiliser-ghas-pour-un-impact-maximal\/","title":{"rendered":"How to use GHAS for maximum impact"},"content":{"rendered":"\n<div class=\"wp-block-group is-layout-constrained wp-block-group-is-layout-constrained\">\n<p>In this unit we will look at:<\/p>\n<ul class=\"wp-block-list\">\n<li>Understanding the <strong>dependency graph<\/strong><\/li>\n<li>Acting on <strong>GHAS alerts<\/strong><\/li>\n<li>Who has <strong>access to alerts<\/strong><\/li>\n<\/ul>\n<h3 class=\"wp-block-heading\"><strong>The dependency graph: the core of supply chain security<\/strong><\/h3>\n<p>The <strong>dependency graph<\/strong> identifies all of the <strong>upstream dependencies<\/strong> and the <strong>public downstream dependencies<\/strong> of a repository or package.<br>You can view your repository's dependencies and some of their properties (such as vulnerabilities) in the repository's <strong>Insights<\/strong> tab.<\/p>\n<p>GitHub builds this graph from the <strong>explicit dependencies<\/strong> declared in 
<strong>manifest<\/strong> and <strong>lock<\/strong> files. Once enabled, it automatically parses every known manifest file to build a graph of dependency names and versions.<\/p>\n<p><strong>Key points:<\/strong><\/p>\n<ul class=\"wp-block-list\">\n<li>Includes <strong>direct<\/strong> and <strong>transitive<\/strong> dependencies<\/li>\n<li>Updates automatically when a commit changes or adds a supported manifest or lock file<\/li>\n<li>Also updates when a dependency is changed in its own repository<\/li>\n<li>Available from the <strong>Insights<\/strong> tab on the repository's main page<\/li>\n<li>Can be exported as an <strong>SPDX-compatible SBOM<\/strong>, through the GitHub UI or the REST API<\/li>\n<li>The <strong>dependency submission API (beta)<\/strong> lets you submit dependencies even when the ecosystem is not supported<\/li>\n<\/ul>\n<h4 class=\"wp-block-heading\"><strong>Features that rely on the graph:<\/strong><\/h4>\n<ul class=\"wp-block-list\">\n<li><strong>Dependency review<\/strong>: identifies changes and their security impact<\/li>\n<li><strong>Dependabot alerts<\/strong>: detect vulnerabilities by cross-referencing the graph with the GitHub Advisory Database<\/li>\n<li><strong>Dependabot security updates<\/strong>: help update vulnerable dependencies<\/li>\n<li><strong>Dependabot version updates<\/strong>: do not rely on 
the graph but on <strong>semantic versioning<\/strong><\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\"><strong>Acting on GHAS alerts<\/strong><\/h2>\n<p>GHAS offers a <strong>complete overview<\/strong> of an organization's security posture and makes it possible to <strong>prioritize and manage risk effectively<\/strong>.<\/p>\n<h3 class=\"wp-block-heading\"><strong>Types of GHAS alerts:<\/strong><\/h3>\n<ul class=\"wp-block-list\">\n<li><strong>Code scanning alerts<\/strong>\n<ul class=\"wp-block-list\">\n<li><strong>CodeQL alerts<\/strong>: identify vulnerabilities such as SQL injection, XSS, etc.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Secret scanning alerts<\/strong>\n<ul class=\"wp-block-list\">\n<li><strong>Exposed secrets<\/strong>: detect API keys or sensitive credentials in the source code<\/li>\n<\/ul>\n<\/li>\n<li><strong>Dependency alerts (Dependabot)<\/strong>\n<ul class=\"wp-block-list\">\n<li>Detects outdated dependencies and proposes secure updates<\/li>\n<\/ul>\n<\/li>\n<li><strong>Security overview<\/strong>\n<ul class=\"wp-block-list\">\n<li>Dashboard summarizing the repository's security state<\/li>\n<\/ul>\n<\/li>\n<li><strong>Third-party alerts<\/strong>\n<ul class=\"wp-block-list\">\n<li>External tools can be integrated through <strong>SARIF<\/strong> files<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3 
class=\"wp-block-heading\"><strong>Consequences of ignoring alerts<\/strong><\/h3>\n<p>Ignoring a security alert can lead to:<\/p>\n<ul class=\"wp-block-list\">\n<li><strong>Exploitation by malicious actors<\/strong><\/li>\n<li><strong>Data breaches<\/strong>, <strong>service outages<\/strong><\/li>\n<li><strong>Increased remediation effort<\/strong>, <strong>project delays<\/strong>, <strong>loss of trust<\/strong><\/li>\n<\/ul>\n<p>In the long term:<\/p>\n<ul class=\"wp-block-list\">\n<li><strong>Reputational damage<\/strong><\/li>\n<li><strong>Regulatory non-compliance<\/strong><\/li>\n<li><strong>Financial losses<\/strong><\/li>\n<\/ul>\n<p>Developers must <strong>immediately analyze<\/strong> the nature and severity of the alert, assess its impact and apply the corrective measures.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Who has access to alerts?<\/strong><\/h2>\n<p>GHAS allows <strong>fine-grained access management<\/strong>, ensuring that only authorized people can view sensitive alerts.<\/p>\n<h3 class=\"wp-block-heading\"><strong>Access by role:<\/strong><\/h3>\n<ul class=\"wp-block-list\">\n<li><strong>Code scanning and Dependabot alerts<\/strong>: available to those with the <strong>Write<\/strong> role<\/li>\n<li><strong>Secret scanning alerts<\/strong>: available only to users with the <strong>Admin<\/strong> role<\/li>\n<li><strong>Custom access<\/strong>: any 
user or team can be granted access to all alerts through the repository's <strong>alert access settings<\/strong><\/li>\n<\/ul>\n<p>Effective access management <strong>improves collaboration<\/strong> and lets each member focus on the security aspects relevant to their role.<\/p>\n<p>By understanding how to <strong>identify vulnerabilities<\/strong>, <strong>respond to alerts<\/strong>, <strong>manage access<\/strong>, and <strong>avoid the risks of inaction<\/strong>, teams can <strong>take full advantage of GHAS<\/strong> to build a <strong>more secure and resilient<\/strong> development environment.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>In this unit we will look at: The dependency graph: the core of supply chain security The dependency [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":5497,"menu_order":4,"comment_status":"closed","ping_status":"closed","template":"","doc_tag":[],"doc_badge":[],"class_list":["post-5523","docs","type-docs","status-publish","hentry"],"author_avatar":"https:\/\/secure.gravatar.com\/avatar\/6a70e7c73db9f245e650948d09d74f61?s=96&d=mm&r=g","author_name":"Annick 
N'dri","_links":{"self":[{"href":"https:\/\/techhub.saworks.io\/fr\/wp-json\/wp\/v2\/docs\/5523"}],"collection":[{"href":"https:\/\/techhub.saworks.io\/fr\/wp-json\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/techhub.saworks.io\/fr\/wp-json\/wp\/v2\/types\/docs"}],"author":[{"embeddable":true,"href":"https:\/\/techhub.saworks.io\/fr\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techhub.saworks.io\/fr\/wp-json\/wp\/v2\/comments?post=5523"}],"version-history":[{"count":0,"href":"https:\/\/techhub.saworks.io\/fr\/wp-json\/wp\/v2\/docs\/5523\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/techhub.saworks.io\/fr\/wp-json\/wp\/v2\/docs\/5497"}],"wp:attachment":[{"href":"https:\/\/techhub.saworks.io\/fr\/wp-json\/wp\/v2\/media?parent=5523"}],"wp:term":[{"taxonomy":"doc_tag","embeddable":true,"href":"https:\/\/techhub.saworks.io\/fr\/wp-json\/wp\/v2\/doc_tag?post=5523"},{"taxonomy":"doc_badge","embeddable":true,"href":"https:\/\/techhub.saworks.io\/fr\/wp-json\/wp\/v2\/doc_badge?post=5523"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}