demo: GitHub Advanced Security + Agentic DevSecOps #134

@CalinL

GitHub Advanced Security + Agentic DevSecOps

  • Unified visibility into DevOps security posture
  • Integrate with other AppSec tools for an e2e ASPM solution.
  • To implement security at scale successfully, we must empower teams and the entire enterprise with the Agentic DevSecOps blueprint.

DevSecOps Guidelines

  • Security Custom Agents
  • Secrets Scanning
  • SCA (Software Composition Analysis)
  • SAST (Static Application Security Test)
  • IaC Scanning (Infrastructure as Code Scanning)
  • CIS (Container Image Scanning)
  • DAST (Dynamic Application Security Test)
  • Continuous Scanning
  • Compliance Check

🤖 Agentic DevSecOps is essential for building secure AI apps and agents.

Transforming Security with GHAS + GHCP + MDC


Agentic AI for DevSecOps - Transforming Security with GHAS and GHCP
  • Security Custom Agents

    • Security Agent
    • Security Reviewer Agent
    • Security Plan Creator Agent
    • Supply Chain Security Agent
    • IaC Security Agent
    • Pipeline Security Agent
  • Secrets Scanning

    • Push Protection
    • GitHub Secret Protection
    • Copilot Secret Scanning
    • Custom Patterns
    • Auto
  • Dependency Scanning (SCA)

    • Supply Chain Security
    • Dependency Review
    • Dependabot
    • Artifact attestations
    • Anchore Syft SBOM
    • Microsoft SBOM
    • OSSF Scorecard
    • SLSA v1.0 Build Level 2/3
    • Workflow / Auto
  • Code Scanning (SAST)

    • GitHub Code Security
    • CodeQL Analysis
    • Default & Advanced
    • Copilot Autofix
    • 3rd Party Tools
    • Kubesec
    • Workflow / Auto
  • IaC Scanning

    • Microsoft Security DevOps (MSDO)
    • Checkov
    • IaCFileScanner
    • Template Analyzer
    • Terrascan / Kics
    • Trivy / tfsec
    • Workflow
  • Container Scanning

    • Microsoft Security DevOps (MSDO)
    • Checkov
    • Terrascan
    • Trivy
    • Anchore Grype
    • Workflow
  • DAST

    • Zed Attack Proxy (ZAP) by Checkmarx
    • Workflow
  • Continuous Scanning

    • Tools / Checks
    • Microsoft
    • Defender for Cloud
    • Microsoft Sentinel
    • Azure Policy
    • Workflow / Auto
