A demo repository to show off GitHub Advanced Security.
tfsjohan/ghas-demo

GitHub Advanced Security

This is a simple demo to show how to use GitHub Advanced Security to find and fix security vulnerabilities in your code.

Dependabot

  • Enable Dependabot
  • Dependabot Security Updates
  • Dependabot Version Updates
  • Dependabot Pull Requests

Code Scanning

  • Enable Code Scanning: Settings > Code Security & Analysis > Code analysis settings

The Security Tab

  • Show how to view security vulnerabilities in the Security tab
  • Show Code Paths to follow the data flow from the untrusted source to the vulnerable sink
  • Show how to create an Issue to fix the vulnerability

Fixing the Vulnerability

  • Show how to create a branch for the Issue and open it in Codespaces
  • Show how to use Copilot to help write the fix using the /fix command
  • Show how to create a Pull Request
  • Show how to use Copilot Enterprise to explain the fix in the Pull Request

When Code Scanning doesn't find the vulnerability

  • Show that CodeQL can't find all problems, for instance over-posting (mass assignment) through ASP.NET model binding: the request body is bound onto an entity that exposes a privilege field, and no injection sink exists for a taint query to flag
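The model-binding gap the last bullet refers to, as an added example that is not code from the ghas-demo repository: a minimal-API `Program.cs` with a vulnerable endpoint that binds the JSON body straight onto the `User` entity (so `isAdmin` is client-controlled) beside the fixed endpoint that binds to an allow-list DTO. The `User` type, the `UserProfileUpdate` record, the routes and the in-memory store are all assumptions made for this example; it assumes a `dotnet new web` project whose `Program.cs` is replaced by this file.

```csharp
// Added example for the ghas-demo README, not code from the repository itself.
// Over-posting (mass assignment) through ASP.NET Core model binding, and the fix.
// Assumes a `dotnet new web` project whose Program.cs is replaced by this file.
using System.Collections.Concurrent;

var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

// Constructed in-memory user store standing in for the real database.
var users = new ConcurrentDictionary<int, User>();
users[1] = new User { Id = 1, Email = "alice@example.com", DisplayName = "Alice", IsAdmin = false };

// VULNERABLE: the JSON body is bound straight onto the persisted entity type,
// so every settable property of User is client-controlled, including IsAdmin.
//   curl -X PUT localhost:5000/vuln/users/1 -H 'Content-Type: application/json' \
//        -d '{"email":"alice@example.com","displayName":"Alice","isAdmin":true}'
// promotes the caller to admin. CodeQL's taint queries do not flag this: there is
// no injection sink, just an entity whose shape hands an authorization decision
// to the client.
app.MapPut("/vuln/users/{id:int}", (int id, User incoming) =>
{
    if (!users.ContainsKey(id)) return Results.NotFound();
    incoming.Id = id;            // pins the key, but nothing pins IsAdmin
    users[id] = incoming;
    return Results.Ok(incoming);
});

// FIXED: bind to an allow-list DTO that carries only the fields a user may edit,
// then copy them onto the entity explicitly. IsAdmin cannot be reached from the
// body because the bound type has no such property.
app.MapPut("/users/{id:int}", (int id, UserProfileUpdate update) =>
{
    if (!users.TryGetValue(id, out var existing)) return Results.NotFound();
    existing.Email = update.Email;
    existing.DisplayName = update.DisplayName;
    return Results.Ok(existing);
});

app.Run();

public sealed class User
{
    public int Id { get; set; }
    public string Email { get; set; } = "";
    public string DisplayName { get; set; } = "";
    public bool IsAdmin { get; set; }   // privilege flag: must only be set server-side
}

// Allow-list input model. In MVC controllers the equivalent is a separate view model
// or [Bind("Email,DisplayName")] on the action parameter; a dedicated DTO is the more
// robust of the two because it cannot drift when the entity gains new properties.
public sealed record UserProfileUpdate(string Email, string DisplayName);
```

Replaying the same `curl` against `/users/1` leaves `isAdmin` false, because the extra JSON property has nothing to bind to and is ignored. This is the kind of finding to hunt for with a manual review or a custom CodeQL query over entity types used as action parameters, since the stock queries will not raise it.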

Secret Scanning

  • Show how to find leaked secrets in the repository
  • Show Push Protection (generate a new secret and show how it's blocked)

Branch Protection

  • Show how to enable Branch Protection and what it does
