DEV Community

Xauntasia Mabry


The home stretch

I never thought I’d be someone who actually thought it was a good idea to download GitHub as an App on my phone, but here we are. Charting territory I honestly felt like I didn’t belong in. To be honest, even working IT, there were moments where I just didn’t think I met the “mark” of someone who was “passionate” enough to do something like this.

For the first time in my career, I do feel that I’ve found enough “passion” to warrant having access to my coding agent at all times. Now that I've entered the testing phase of the homeschool site build out, I've been using GitHub Copilot to help me resolve the issues that pop up as I'm walking through the workflows for the site.

First, I've begun to use the issues on the repository to assign work to Copilot. The past few weeks have been a whirlwind of things on both the professional and personal side and this has been a really nice way to still stay plugged in without having to spend hours in front of the screens troubleshooting the website issues.

Also, my use of a public repo is coming in handy because I've been able to allow Copilot to help me make sure the dependencies for the React framework I'm using for the frontend stay up to date. Really nice. But I'm ready to use instructions to see if I can get Copilot to do this without my repo needing to be public. I decided to start with my backend because Python is easier for me to navigate.

The first instruction I've created does these things:

  • Makes sure that my lambdas all stay on a supported runtime version
  • Pins package versions so that I stay on versions that are not vulnerable and don't automatically update to latest, in case a newer release is a compromised package
  • Makes sure I use the latest version of the GitHub Actions for my Python builds
  • Runs pip-audit to see if a package has any known CVEs
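Here is an added example, not from the post or its repository, of what those four instruction points look like as a CI guard script for a Python Lambda backend. The supported-runtime set, the sample `requirements.txt`, and the sample workflow snippet are all constructed placeholders (check the AWS Lambda docs for the real runtime list); the only external tool it calls is `pip-audit`, invoked as `python -m pip_audit -r <file>`.

```python
"""Constructed CI guard covering the four points of the instruction file:
supported Lambda runtime, exact '==' pins, explicitly versioned GitHub
Actions, and a pip-audit run. Everything below is an added example."""
import re
import subprocess
import sys

# Placeholder set (assumption, not an authoritative AWS list).
SUPPORTED_RUNTIMES = {"python3.11", "python3.12", "python3.13"}

# Exact pin: name[extras]==version (version stops at whitespace, ';' or '#').
PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?==([^\s;#]+)")
# A workflow 'uses:' line, capturing the action and its optional @ref.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s@]+)(?:@(\S+))?")


def check_runtime(runtime: str) -> list[str]:
    """Flag a Lambda runtime identifier that is not in the supported set."""
    if runtime in SUPPORTED_RUNTIMES:
        return []
    return [f"runtime {runtime!r} is not in the supported set"]


def check_requirements(text: str) -> list[str]:
    """Every non-comment, non-option line must be an exact '==' pin."""
    problems = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("-"):
            continue
        if not PIN_RE.match(line):
            problems.append(f"requirements line {lineno}: {line!r} is not pinned with ==")
    return problems


def check_actions(text: str) -> list[str]:
    """Each third-party 'uses:' must carry a release ref, not a branch name or nothing."""
    problems = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = USES_RE.match(raw)
        if not m:
            continue
        action, ref = m.group(1), m.group(2)
        if action.startswith("./") or action.startswith("docker://"):
            continue  # local or container actions are not versioned this way
        if ref is None or ref in {"main", "master"}:
            problems.append(f"workflow line {lineno}: {action} is not pinned to a release (ref={ref})")
    return problems


def run_pip_audit(requirements_path: str) -> int:
    """Run pip-audit against the pinned file; returns its exit code (non-zero on findings)."""
    proc = subprocess.run([sys.executable, "-m", "pip_audit", "-r", requirements_path])
    return proc.returncode


def run_checks(runtime: str, requirements_text: str, workflow_text: str) -> list[str]:
    """Combine the three offline checks into one list of findings."""
    return (check_runtime(runtime)
            + check_requirements(requirements_text)
            + check_actions(workflow_text))


# Constructed sample inputs: one good pin, two unpinned, one branch-pinned action.
SAMPLE_REQUIREMENTS = """\
# constructed sample
boto3==1.34.0
requests>=2.31
flask
"""
SAMPLE_WORKFLOW = """\
steps:
  - uses: actions/checkout@v4
  - uses: actions/setup-python@main
  - uses: ./.github/actions/local
"""

if __name__ == "__main__":
    findings = run_checks("python3.12", SAMPLE_REQUIREMENTS, SAMPLE_WORKFLOW)
    for f in findings:
        print("FAIL:", f)
    # Audit a real requirements file when a path is given on the command line.
    if len(sys.argv) > 1 and run_pip_audit(sys.argv[1]) != 0:
        findings.append("pip-audit reported known vulnerabilities")
    sys.exit(1 if findings else 0)
```

Run with `python ci_guard.py requirements.txt` in the build job so the job fails on any unpinned dependency, branch-pinned action, unsupported runtime, or pip-audit finding.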

To get help writing this set of instructions, I used Copilot to assess my rough draft as an application security engineer and to make appropriate edits to the file so it aligns with best practices. Some of the suggestions it included were to ensure I had something in place to protect against typosquatting, address CORS, guard against injection attempts, and ensure there's a limit on input to my site.

These instructions load into Copilot and essentially guide it so that the recommendations it makes always align with these standards for my repository. Currently I only have this enabled on my backend repo, so my frontend repo will be next.
