Exercise - Resolve GitHub Security Alerts

  • 40 minutes

Important

To complete this exercise, you need an active GitHub account and a Visual Studio Code environment. If you don't have a GitHub account, you can sign up for a free individual account and use a GitHub Copilot Free plan to complete the exercise. For help with enabling GitHub Copilot in Visual Studio Code, see Enable GitHub Copilot in Visual Studio Code.

In this exercise, you use GitHub and GitHub Copilot to analyze and remediate GitHub secret scanning alerts for the ContosoOrderProcessor legacy application. Tasks include:

  1. Import the ContosoOrderProcessor repository to your GitHub account.
  2. Review security alerts on GitHub.
  3. Review the code project in Visual Studio Code.
  4. Configure environment variables and run the application.
  5. Use GitHub Copilot's Ask mode to analyze secret scanning alerts.
  6. Use GitHub Copilot's Agent mode to remediate secret scanning alerts.
  7. Push changes to GitHub and close secret scanning alerts.
  8. Test the GitHub Push protection feature.

When you select the launch exercise button, the browser navigates to a public GitHub page that provides instructions for this exercise.

When you finish the exercise, return here for:

  • A quick knowledge check.
  • A summary of what you learned during this module.
  • A badge for completing this module.

Button to launch exercise.