Microsoft Reactor

Accelerating AppSec: How to Implement a Comprehensive DevSecOps Program using GitHub GHAS and Copilot with Coveros

Much attention is spent on using GitHub Advanced Security (GHAS) and GitHub Copilot to support tactical application security tasks such as code scanning, dependency checking, secrets management, and vulnerability remediation.

While these activities are all part of a comprehensive application security program, there are many other aspects of app sec that GHAS and Copilot can accelerate. Some of these include:

● Threat modeling
● Architectural risk analysis
● Automated governance
● Root cause analysis of vulnerabilities

Join Jeffery Payne and Thomas Stiehm from Coveros as they discuss the business need for a comprehensive DevSecOps program and how GitHub GHAS and Copilot can be used end-to-end in your SDLC to accelerate the delivery of secure and reliable applications.

What You’ll Learn:
● How GHAS and Copilot support much more than vulnerability identification and remediation.
● Understand why code scanning is necessary but insufficient for finding vulnerabilities.
● Using Copilot to support early lifecycle risk management activities
● How to effectively automate your governance processes within the GitHub platform.

Take home valuable information on structuring and running a DevSecOps program using GitHub GHAS and Copilot.