ps-copilot-sandbox · arilivigni · Jun 3, 2024 · May 30, 2024 · May 30, 2024 · May 30, 2024
@@ -2,54 +2,107 @@
 
 ## Overview
 
-This demo will show you how to configure GitHub Copilot for your organization and enterprise. It will guide the customer on each level of configuration and how to enable/disable features.
+This demo will show you how to configure GitHub Copilot for your enterprise and organization. It will guide the customer on each level of configuration and how to enable/disable features.
 
-## GitHub Settings 
+## GitHub Settings
 
 ### Enterprise Settings
 
-#### Access and Policies 
+#### Enterprise Access Management
 
-- Show Suggestions matching public code 
-- Notification on matching code 
-- Manage organization access to GitHub Copilot 
+Show the following options:
 
-#### Beta Features
+- Total seats assigned and a monthly cost and a link to view billing details
+  - **Action Item:** Click link `View billing` and showcase how it looks in your enterprise.
+- Copilot Enterprise is active in your enterprise options
+  - Disabled
+  - Allow for all organizations
+  - Allow for specific organizations
 
-- GitHub Copilot Chat IDE
-- GitHub Copilot in the CLI 
+#### Enterprise Policies and Features
+
+Show the following options:
+
+- Suggestions matching public code
+- Copilot in github.com
+  - Give Copilot access to Bing **Beta**
+  - Opt in to user feedback collection
+- Copilot Chat in the IDE
+- Copilot Chat in GitHub Mobile
+- Copilot in the CLI
 
 ### Organization Settings
 
-#### Access
+#### Manage & Control Access
 
-- Number of copilot seats 
-- Estimated monthly cost 
+- Number of copilot seats
+- Estimated monthly cost
   - View billing details
-- Policy for enabled members 
+- Policy for enabled members
 - Access management
   - **Action Item:** Download report and showcase how it looks in your organization.
 
-#### Policies and Features
+#### Organization Policies
+
+Show the following options:
+
+- Suggestions matching public code
+- Copilot in github.com
+  - Give Copilot access to Bing **Beta**
+  - Opt in to user feedback collection
+- Copilot Chat in the IDE
+- Copilot Chat in GitHub Mobile
+- Copilot in the CLI
+
+#### Organization Features
+
+##### Knowledge Bases
+
+- Review creating a Knowledge Base
+  - Adding a knowledge base path inclusion
+
+![Knowledge Base Creation](../docs/images/copilot-manage-knowledge-bases1-dark.gif)
 
-- Suggestions matching public code 
-- Notifications on matching code 
-- Beta Features
-  - GitHub Copilot Chat for IDE
-  - GitHub Copilot in the CLI 
+![Knowledge Base Include Paths](../docs/images/copilot-manage-knowledge-bases2-dark.gif)
+
+##### Content Exclusion
+
+- Review creating a Content Exclusion
+  - Adding repository and path to files to exclude
+
+![Content Exclusion adding repositories and paths to exclude](../docs/images/copilot-content-exclusion-organization-dark.gif)
 
 ## Client Side Settings
 
 ### Network Settings
 
+- Proxy Settings
+  - **Action Item:** Show how to configure proxy settings in the IDE
+- Authentication Modes
+  - **Action Item:** Show how authentication modes work with GitHub Copilot
+
 ### Firewall Settings
 
-## IDE Settings 
+- Show the URLs to add to an allowlist
+
+## IDE Advanced Settings
+
+### Supported IDEs
+
+- Visual Studio Code
+- Visual Studio
+- IntelliJ IDEA
+- Vim/Neovim
+- Azure Data Studio
+
+### Enable non-programming Meta Files
+
+- **Action Item:** Show how to enable/disable non-programming meta files in the IDE
 
 ### VSCode
 
 GitHub Copilot Extension and click on it -> Click the gear icon -> Click on Extension Settings -> Click on the blue Edit in settings.json button
 
-### IntelliJ
+### IntelliJ IDEA
 
 Go to Settings -> Language and Framework -> GitHub Copilot -> Update advanced settings in this view
@@ -18,23 +18,29 @@ Update "TOKEN" under the Authentication tab with the token you created in the [C
 
 ![postman token update](../docs/images/Telemetry/postman-update-token.png)
 
-Update the variables "ORG" and "USERNAME" under the Variables tab with your organization name and your GitHub username you want to view.
+Update the variables "ORG" and "USERNAME" under the Variables tab with your organization name and your GitHub username you want to view. "ENTERPRISE" if you want to view usage for an enterprise account.
 
 ![postman variable update](../docs/images/Telemetry/postman-update-variables.png)
 
-### Step 2: Demo the Copilot REST API _Get Org Seat Information_
+### Step 2: Demo the Copilot REST API _Get Org Usage Information_
+
+Double click on "Get Org Usage Information" to open the request. Click "Send" to send the request.
+
+![Get Org Usage Information](../docs/images/Telemetry/get-org-usage-information.png)
+
+### Step 3: Demo the Copilot REST API _Get Org Seat Information_
 
 Double click on "Get Org Seat Information" to open the request. Click "Send" to send the request.
 
 ![Get Org Seat Information](../docs/images/Telemetry/get-org-seat-information.png)
 
-### Step 3: Demo the Copilot REST API _List Org Seat Assignments_
+### Step 4: Demo the Copilot REST API _List Org Seat Assignments_
 
 Double click on "List Org Seat Assignments" to open the request. Click "Send" to send the request.
 
 ![List Org Seat Assignments](../docs/images/Telemetry/list-org-seat-assignments.png)
 
-### Step 4: Demo the Copilot REST API _Get Seat for a User_
+### Step 5: Demo the Copilot REST API _Get Seat for a User_
 
 Double click on "Get Seat for a User" to open the request. Click "Send" to send the request.
 

@@ -6,8 +6,7 @@ Step One: [Setup Postman](postman-setup-info/postman-collection-setup.md)
 
 Step Two: [Demo Copilot API](GitHub-Copilot-API-Demo.md)
 
-
-### Collections 
+### Collections
 
 - [GitHub v3 REST APIs](postman-setup-info/GitHub-v3-REST-API.postman_collection.json)
 - [GitHub Copilot REST APIs](postman-setup-info/GitHubCopilotAPI.postman_collection.json)
@@ -1,12 +1,51 @@
 {
 	"info": {
-		"_postman_id": "ac350d03-c04a-497e-8c3d-48cda67500d8",
+		"_postman_id": "ff194d7e-adf0-4ee2-9fae-07223e43812a",
 		"name": "GitHub Copilot API",
 		"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
-		"_exporter_id": "23948556",
-		"_collection_link": "https://warped-resonance-718170.postman.co/workspace/New-Team-Workspace~8b7cd40b-aab9-4298-b6e3-921cbe93bba4/collection/23948556-ac350d03-c04a-497e-8c3d-48cda67500d8?action=share&source=collection_link&creator=23948556"
+		"_exporter_id": "17175297"
 	},
 	"item": [
+		{
+			"name": "Get Org Usage",
+			"request": {
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "{{url}}/orgs/{{org}}/copilot/usage",
+					"host": [
+						"{{url}}"
+					],
+					"path": [
+						"orgs",
+						"{{org}}",
+						"copilot",
+						"usage"
+					]
+				}
+			},
+			"response": []
+		},
+		{
+			"name": "Get Enterprise  Usage",
+			"request": {
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "{{url}}/enterprises/{{enterprise}}/copilot/usage",
+					"host": [
+						"{{url}}"
+					],
+					"path": [
+						"enterprises",
+						"{{enterprise}}",
+						"copilot",
+						"usage"
+					]
+				}
+			},
+			"response": []
+		},
 		{
 			"name": "Get Org Seat Information",
 			"request": {
@@ -203,7 +242,7 @@
 	"variable": [
 		{
 			"key": "org",
-			"value": "ORGNAME",
+			"value": "ORG",
 			"type": "string"
 		},
 		{
@@ -215,6 +254,11 @@
 			"key": "username",
 			"value": "USERNAME",
 			"type": "string"
+		},
+		{
+			"key": "enterprise",
+			"value": "ENTERPRISE",
+			"type": "string"
 		}
 	]
 }
@@ -0,0 +1,5 @@
+# Copilot Administration & Security - Demo: Data Privacy
+
+## [Copilot Transcripts](copilot-transcript-sql.md)
+
+## [Vulnerable Patterns in Incomplete Code Fragments](vulnerable_patterns_in_incomplete_fragments_of_code.md)
@@ -101,7 +101,7 @@ whats the difference, interms of security, between an SQL Statement and a Prepar
 
 In terms of security, there are a few key differences between a SQL statement and a prepared statement:
 
- 1. SQL Injection Protection: Prepared statements provide built-in protection against SQL injection attacks. With a prepared statement, the SQL query is precompiled and the query parameters are treated as separate entities, preventing malicious input from altering the structure of the query. This helps to mitigate the risk of SQL injection vulnerabilities.
+1. SQL Injection Protection: Prepared statements provide built-in protection against SQL injection attacks. With a prepared statement, the SQL query is precompiled and the query parameters are treated as separate entities, preventing malicious input from altering the structure of the query. This helps to mitigate the risk of SQL injection vulnerabilities.
 
 2. Parameterized Queries: Prepared statements use parameterized queries, where the query parameters are represented by placeholders in the SQL statement. The actual parameter values are then bound to these placeholders at runtime. This separation of the query logic from the data values helps to ensure that user input is properly sanitized and prevents unauthorized access to the underlying database.
 
@@ -142,4 +142,3 @@ Securing a Java application that interacts with a database involves implementing
 1. Regularly Perform Security Audits and Penetration Testing: Conduct regular security audits and penetration testing to identify and address any vulnerabilities in your application and database configuration. This helps ensure that your security measures are effective and up to date.
 
 Remember that security is an ongoing process, and it's important to stay informed about the latest security best practices and vulnerabilities relevant to your specific database technology and application stack.
-
@@ -2,91 +2,83 @@
 
 ![abelberhane](../docs/images/abelberhane.png)
 
-Examples by  [@abelberhane](https://www.github.com/abelberhane) 
+Examples by  [@abelberhane](https://www.github.com/abelberhane)
 
 ---
+<!-- markdownlint-disable MD033 -->
+## SQL Injection Vulnerability
 
-<br><br><br>
-
-# SQL Injection Vulnerability
-
-## Incomplete Code Fragment (Python) <img width="50px" src="../docs/images/python-logo.png">
+### Incomplete Code Fragment (Python) #1 <img width="50px" src="../docs/images/python-logo.png" alt="Python">
 
 ```python
 def get_user_data(user_id): query = "SELECT * FROM users WHERE id = " + user_id # ... database query execution 
 ```
 
-### Copilot's Contribution
+#### Copilot's Contribution #1
 
 >Copilot can recognize that concatenating a variable directly into a SQL query string is a common pattern leading to SQL injection vulnerabilities. It might suggest a modification using parameterized queries or ORM (Object-Relational Mapping) methods to prevent such issues.
 
-### Suggested Code
+#### Suggested Code #1
 
 ```python
 def get_user_data(user_id): query = "SELECT * FROM users WHERE id = %s" params = (user_id,) # ... database query execution with parameters... 
 ```
 
 ---
 
-<br><br><br>
-
-# Cross-Site Scripting (XSS) in Web Applications
+## Cross-Site Scripting (XSS) in Web Applications
 
-## Incomplete Code Fragment (JavaScript) <img width="40px" src="../docs/images/node-js.png">
+### Incomplete Code Fragment (JavaScript) #2 <img width="40px" src="../docs/images/node-js.png" alt="NodeJS">
 
 ```javascript
 app.get('/search', function(req, res) { var searchTerm = req.query.term; res.send('Results for: ' + searchTerm); }); 
 ```
 
-### Copilot's Contribution
+#### Copilot's Contribution #2
 
 >Recognizing the pattern of directly including user input in the response, Copilot might suggest sanitizing the input or encoding the output to prevent XSS attacks.
 
-### Suggested Code
+#### Suggested Code #2
 
 ```javascript
 app.get('/search', function(req, res) { var searchTerm = escape(req.query.term); res.send('Results for: ' + searchTerm); }); 
 ```
 
 ---
 
-<br><br><br>
+## Insecure Password Storage
 
-# Insecure Password Storage
-
-## Incomplete Code Fragment (JavaScript) <img width="40px" src="../docs/images/node-js.png">
+### Incomplete Code Fragment (JavaScript) #3 <img width="40px" src="../docs/images/node-js.png" alt="NodeJS">
 
 ```javascript
 function storeUser(username, password) { // Code to store username and password directly in the database } 
 ```
 
-### Copilot's Contribution
+#### Copilot's Contribution #3
 
 >Identifying the pattern of insecure password handling, Copilot could suggest implementing hashing with a strong algorithm like bcrypt before storing passwords.
 
-### Suggested Code
+#### Suggested Code #3
 
 ```javascript
 const bcrypt = require('bcrypt'); function storeUser(username, password) { const salt = bcrypt.genSaltSync(10); const hash = bcrypt.hashSync(password, salt); // Code to store username and hashed password in the database } 
 ```
 
 ---
 
-<br><br><br>
-
-# Inadequate Encryption Use
+## Inadequate Encryption Use
 
-## Incomplete Code Fragment (Python) <img width="50px" src="../docs/images/python-logo.png">
+### Incomplete Code Fragment (Python) #4 <img width="50px" src="../docs/images/python-logo.png" alt="Python">
 
 ```python
 from Crypto.Cipher import AES import os def encrypt_message(message): key = os.urandom(16) # 16-byte key cipher = AES.new(key, AES.MODE_ECB) # ... 
 ```
 
-## Copilot's Contribution:
+#### Copilot's Contribution Python #4
 
 >In this case, Copilot might highlight the use of ECB mode, which is generally considered insecure for encryption, and suggest using a more secure mode like CBC or GCM.
 
-## Suggested Code:
+#### Suggested Code Python #4
 
 ```python
 from Crypto.Cipher import AES import os def encrypt_message(message): key = os.urandom(16) # 16-byte key cipher = AES.new(key, AES.MODE_CBC, iv) # ...