Philip Ayodele Hazeley

SentinelCLI - AI Security Assistant

GitHub Copilot CLI Challenge Submission

*This is my submission for the GitHub Copilot CLI Challenge*

What I Built

SentinelCLI is a DevSecOps automation tool designed to bridge the gap between static code scanning and actionable remediation. It scans repositories for sensitive files (like .env or leaked keys), uses GitHub Copilot CLI to analyze the security implications of those findings, and automatically generates formatted GitHub Issues with remediation steps.

For me, this project represents the future of "Self-Healing" infrastructure—where AI doesn't just find bugs but helps manage the entire lifecycle of a security fix.

Demo

GitHub Repository: https://github.com/ayodelehazeley/sentinelcli

Walkthrough:

1. scan: Identifies high-risk files.
2. analyze: Triggers gh copilot explain to get expert security advice.
3. issues: Automatically pushes those insights to the repo as labeled security alerts.
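An added example of the scan step and of the issue text for the issues step; it is not SentinelCLI's own code. The name patterns, allowlist, skipped directories and remediation wording are assumptions, and the issue body is built from the file path alone so secret values never reach an issue or a prompt.

```python
import fnmatch
import os
import tempfile

# Assumed name patterns; the post itself names only .env and leaked keys.
SENSITIVE_PATTERNS = [".env", ".env.*", "*.pem", "*.key", "id_rsa", "id_ed25519"]
# Template files that normally hold no real secrets (assumption).
ALLOWLIST = {".env.example", ".env.sample", ".env.template"}
# Directories that are not part of the tracked source tree (assumption).
SKIP_DIRS = {".git", "node_modules", ".venv"}


def scan(root):
    """Return sorted repo-relative paths whose file name matches a sensitive pattern."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune in place so os.walk never descends into skipped directories.
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            if name in ALLOWLIST:
                continue
            if any(fnmatch.fnmatchcase(name, p) for p in SENSITIVE_PATTERNS):
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append(rel.replace(os.sep, "/"))
    return sorted(findings)


def issue_body(path):
    """Build issue text from the path only; file contents are never read or included."""
    return (
        f"Sensitive file committed: `{path}`\n\n"
        "- Rotate any credential stored in this file.\n"
        "- Remove it from the repository and add it to .gitignore.\n"
    )


def demo():
    """Run the scan over a constructed sample repository and return the findings."""
    with tempfile.TemporaryDirectory() as repo:
        for rel in [".env", ".env.example", "src/app.py", "deploy/server.pem", ".git/id_rsa"]:
            full = os.path.join(repo, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write("SECRET=constructed-sample-value\n")
        return scan(repo)


if __name__ == "__main__":
    for finding in demo():
        print(issue_body(finding))
```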

My Experience with GitHub Copilot CLI

Integrating GitHub Copilot CLI was a game-changer for the "Analysis" phase of my tool. Instead of writing complex regex-based security rules, I leveraged the gh copilot explain command to interpret findings dynamically.

The Impact:

Reduced Friction: I didn't have to build a custom LLM integration; the CLI provided a secure, authenticated bridge to AI insights directly through the user's existing GitHub session.

Learning Curve: I encountered an interesting challenge where the copilot extension can sometimes collide with built-in CLI namespaces. Solving this by using gh extension exec taught me a lot about the architecture of the GitHub CLI and how robust extension management works.

Efficiency: Automated issue creation usually results in "dry" reports, but with Copilot CLI, each issue now contains helpful, conversational advice on how to fix the leak, not just that a leak exists.
