Which combination correctly lists the three primary areas of focus in GitHub Advanced Security?


Multiple Choice

Which combination correctly lists the three primary areas of focus in GitHub Advanced Security?

Explanation:
GitHub Advanced Security centers on three areas that cover security from development through deployment: the software supply chain, the code itself, and the environments where deployments occur. The supply chain focus means guarding where components come from and how they’re updated—things like dependency checks, provenance verification, and SBOMs to understand what’s inside a build. The code focus targets security within the repository, using code scanning and secret scanning to find vulnerabilities and exposed credentials early in the development process. The environments focus protects the deployment phase, enforcing rules and approvals so that only verified changes reach production. This trio provides end-to-end coverage, aligning security checks with where risks arise across building, reviewing, and releasing software. Other options mix in terms like monitoring or generic phases that aren’t formal GAS pillars, or pair concepts that don’t map to its primary focus areas.
