
Spotlight on GitHub Advanced Security

Join Microsoft Reactor and engage with developers, entrepreneurs, and startups live

Ready to get started with AI and the latest technologies? Microsoft Reactor provides events, training, and community resources to help developers, entrepreneurs and startups build on AI technology and more. Join us!

  • Format:
  • Livestream
  • In person (Multiple locations)

Topic: Security, AI Security and Data Governance

Language: English

  • Events in this Series:
  • 15

Welcome to the GitHub Advanced Security series – enabling you to deliver native, developer-first application security on both GitHub and Azure DevOps. Whether you’re new to GitHub Advanced Security or looking to expand your knowledge, we’ll help you learn how to scale and optimize security in your development pipelines, while also diving deeper into specific features. This content is geared towards anyone who wants to improve their code security, from developers and security engineers to DevSecOps managers and CISOs.

Past Events in this Series

All times in Coordinated Universal Time (UTC)

Wednesday, Apr 10, 2024

Introduction to GitHub Advanced Security

5:00 PM - 6:00 PM (UTC)

In this session Ray Kao will share an overview of GitHub Advanced Security key features including code scanning, secret scanning, and supply chain security.

  • Format:
  • Livestream

Topic: Security

Language: English

View on Demand

Wednesday, Apr 24, 2024

GitHub’s AI + Security Story

5:00 PM - 6:00 PM (UTC)

Join us as Lindsey Bocatto and Dan Shanahan highlight the latest AI-powered features in GitHub Advanced Security.

  • Format:
  • Livestream

Topic: Security

Language: English

View on Demand

Wednesday, May 08, 2024

Integrating Security into CI/CD Pipelines

5:00 PM - 6:00 PM (UTC)

In this session, learn how to set up GitHub Advanced Security in your GitHub and Azure DevOps pipelines to keep your developers engaged and ensure security throughout your development cycles.

  • Format:
  • Livestream

Topic: Security

Language: English

View on Demand

Friday, May 17, 2024

Accelerate Application Security with GitHub AI

2:00 PM - 6:00 PM (UTC)

This session will showcase GitHub's new AI-powered application security testing capabilities and cover how Microsoft views the code to cloud security synergy between GitHub Advanced Security and Defender for Cloud. The event will include educational sessions and hands-on labs. Participants will have the opportunity to connect with each other, elevate their expertise, and enhance their development capabilities.

Agenda:

  • GitHub AI-powered application security testing
  • Code to cloud security with GitHub and Microsoft
  • Hands on lab: strategically roll out your security program with GHAS and Defender for Cloud.

  • Format:
  • In person (New York)

Topic: AI Security and Data Governance

Details

Wednesday, Jun 05, 2024

Investigating code security with Copilot

5:00 PM - 6:00 PM (UTC)

In this talk we provide a brief walk-through using Copilot to aid in detecting and fixing security vulnerabilities in source code. Topics covered include:

  • A basic introduction to improving SDLC security using IDE and local environment tools
  • Detecting OWASP Top 10 style vulnerabilities in an example application
  • Remediating detected issues
  • Creating .gitignore files to prevent environment files being committed
  • Looking at how GHAS can be combined with Copilot to improve security further.

  • Format:
  • Livestream

Topic: Security

Language: English

View on Demand

Wednesday, Jun 19, 2024

Automated Governance: Making the Right Thing the Easy Thing

5:00 PM - 6:00 PM (UTC)

Developers deserve the chance to do the right thing. Leadership doesn’t always make it so easy. But in the face of mounting regulations and an ever-changing landscape of application security risks, the opportunity to turn obstacles into opportunities has never been more evident. This week’s guests are industry leaders in the field of software governance. Caleb Queern is the Managing Director of Cybersecurity at KPMG. Michael Edenzon is the Co-Founder and CEO of Fianu, and previously served as the Director of DevOps at PNC Bank. In 2022, Michael and Caleb co-authored the business novel Investments Unlimited, a fictional story about a bank’s journey toward automated governance. What began in 2019 as an industry-led whitepaper has become a movement encompassing AppSec, DevOps, and software supply chain security. At the heart of this movement are platforms like GitHub Advanced Security and Fianu. Caleb and Michael will tell the story of automated governance, the successes and pitfalls of large enterprises that aim to implement it, and how the principles of flow, fast feedback, and continuous improvement can be preserved so that you and your organization can thrive amidst an ever-growing landscape of rules and regulations. Learn more about the series!

  • Format:
  • Livestream

Topic: Security

Language: English

View on Demand

Wednesday, Jul 10, 2024

Navigating the depths of API security testing with 42Crunch and Microsoft

5:00 PM - 6:00 PM (UTC)

In this session, we’ll explore the hidden risks that threaten APIs and delve into vulnerabilities within your codebase. From scanning OpenAPI specs to dynamic testing, we’ll equip you with practical strategies to harden your APIs against attacks. Discover how to seamlessly integrate security practices into your DevOps pipelines. Let’s build a robust shield together! Don’t miss this opportunity to enhance your API security expertise.

  • Format:
  • Livestream

Topic: Security

Language: English

View on Demand

Wednesday, Jul 24, 2024

Application Security Where Developers Live - GitHub and Endor Labs

5:00 PM - 6:00 PM (UTC)

Developers invest a lot of time and effort into their code, making sure it safely delivers innovation and value to users. Unfortunately, a lot of that effort is wasted investigating security findings that ultimately represent no risk to the application. With the GitHub Advanced Security integration, Endor Labs enables development teams to establish efficient, automated processes to deliver software while eliminating 80% of the security noise that wastes developer time.

  • Format:
  • Livestream

Topic: Security

Language: English

View on Demand

Wednesday, Aug 21, 2024

Scaling AppSec in the world of AI generated code - GitHub and Endor Labs

5:00 PM - 6:00 PM (UTC)

Find vulnerabilities earlier, ship software faster. These are the good intentions behind the drive to shift application security workflows from security teams to developers: a “shift left” move in the software development lifecycle. But does it really work? Hear from leading experts on how AI can help automate security work and make it more developer-centric. Topics will include:

  • Secure open source and LLM selection
  • Prioritize risk based on what is reachable and exploitable
  • Remediate at scale without context switching

  • Format:
  • Livestream

Topic: Security

Language: English

View on Demand

Wednesday, Sep 25, 2024

How GenAI is making Application Security harder... and easier!

5:00 PM - 6:00 PM (UTC)

The rapid adoption of frameworks, DevOps, CI/CD, and agile processes has increased the velocity at which development teams can iterate and deliver, outpacing security teams' ability to address issues. The introduction of GenAI has exacerbated this problem by further increasing delivery velocity and requiring more APIs to interact with AI. In this session, Scott Gerlach will discuss how to ensure your code is protected in a GenAI-driven software development environment.

  • Format:
  • Livestream

Topic: Security

Language: English

View on Demand

Wednesday, Oct 23, 2024

Accelerating Innovation: Improving Application Security in the Age of AI

5:00 PM - 6:00 PM (UTC)

As AI has taken the world by storm, we are seeing tremendous productivity gains and increased development speed across the public sector. However, while GitHub Copilot is a fantastic productivity tool and can help write secure code more efficiently, it is not a replacement for proper code review and application security practices. GitHub disrupted the industry by bringing our industry leading application security capabilities to the GitHub Enterprise Cloud. Today, we deliver application scanning, secret scanning, and software supply chain security and allow developers to find and fix vulnerabilities as they code, removing the need for context switching and helping to reduce noise with our high true positive rate. Additionally, with the introduction of GitHub Copilot, we've taken this a giant step further by releasing auto-remediation capabilities. "Found means fixed". Join us for this highly interactive discussion where we'll be diving into GitHub Advanced Security, addressing frequently asked questions around everything from feature functionality, security, roadmap and providing resources so that you can get started today!

  • Format:
  • Livestream

Topic: Security

Language: English

View on Demand

Wednesday, Dec 04, 2024

Decrease secret leaks with GitHub Advanced Security secret scanning

6:00 PM - 7:00 PM (UTC)

In this demo with Courtney Claessens, senior product manager at GitHub, you’ll discover how to help keep secrets secure, regardless of their structure. Learn how you can scan for almost 300 token types from over 100 service providers, enabling the detection of potential leaked secrets at scale and decreasing the chance secrets are leaked in the first place. You’ll also experience the power of AI in detecting generic secrets, such as passwords, and in creating custom patterns to help protect your organization’s confidential information.

  • Format:
  • Livestream

Topic: Security

Language: English

View on Demand

Monday, Dec 09, 2024

KPMG & GitHub Partner for Auto-Fix with Copilot to Remediate Vulnerabilities at Scale

9:00 PM - 10:00 PM (UTC)

Found Means Fixed - How KPMG is Partnering with GitHub for Auto-Fix Powered by Copilot for Remediation of Vulnerabilities At-Scale

Your application security program will either succeed or fail based on developer adoption of your security tools. Once these security tools are enabled and adopted across your enterprise, the next biggest challenge is remediating (or fixing) these found vulnerabilities at-scale. Enter "Found Means Fixed", GitHub's latest tagline for leveraging industry leading Artificial Intelligence (powered by Copilot) to help fix thousands of vulnerabilities at the click of a button. This session will cover how KPMG is providing a world-class services offering centered around "Campaigns" for enterprises leveraging GitHub's Advanced Security auto-fix solution. Campaigns will revolutionize how enterprises think about, plan for, and eliminate application security debt at-scale. Viewers will receive a behind-the-scenes look at the underlying technology and the people and processes that will change the way DevSecOps practitioners think about managing significant security debt. Did we mention that we can eliminate security debt at-scale? Please join us for what is sure to be an exciting discussion around this game changing technology!

  • Format:
  • Livestream

Topic: Security

Language: English

View on Demand

Wednesday, Dec 18, 2024

How code scanning in GitHub Advanced Security burns down security debt

6:00 PM - 7:00 PM (UTC)

Join GitHub's Pierre Tempel - Director, Product Management - for a demo and GitHub Advanced Security 101 session. You'll see how code scanning seamlessly integrates vulnerability prevention and remediation into your development workflow and experience the power of Copilot Autofix, which helps fix vulnerabilities up to 3x faster through AI-powered fix suggestions. These features are designed to enhance collaboration and empower both developers and security professionals to build the best and more secure software.

  • Key Takeaway 1: Learn more about the code scanning feature of GitHub Advanced Security.
  • Key Takeaway 2: Understand how code scanning fits into your development workflow.
  • Key Takeaway 3: Turbocharge your remediation workflow with AI.

Topic: Security, Vulnerability Detection

Target Audience: Enterprise - Developers, Open Source Developers or Maintainers, Security Professionals, Security Leadership

  • Format:
  • Livestream

Topic: Security

Language: English

View on Demand

For questions please contact us at reactor@microsoft.com