Exercise 04: Secure development with GitHub Advanced Security

Scenario

This training focuses not only on Copilot features for creating issues and deploying infrastructure and code, but also on secure DevOps procedures. Zava as an organization wants to ensure that developers are productive but also guided through secure practices.

In previous exercises you have created infrastructure and delivered code using GitHub CI/CD workflows.

In this exercise, you will configure GitHub Advanced Security features, enable code quality gates and security code reviews, and use features such as automatic pull requests to support developer productivity and awareness of security best practices.

Objectives

After completing this exercise, you’ll be able to:

  • Configure and leverage GitHub Advanced Security features
  • Prevent secrets from being pushed to a repository
  • Set up Copilot code review
  • Set up Copilot code quality workflows
  • Automatically detect and fix vulnerabilities
  • Review Copilot alerts and recommendations

Duration

  • Estimated Time: 60 minutes

Table of contents