Integration of GhAS in Copilot for Security - Configuration

This article is part of a series on how to install and use two custom (unofficial!) plugins just released for the integration of GitHub Advanced Security (GhAS) in Copilot for Security. Please start from here: Copilot for Security Custom Plugin for GitHub Advanced Security | LinkedIn

Let's see how to install the 2 custom plugins for GitHub Advanced Security.

At the time of this writing, they are published in my own personal GitHub repo: cfs/GitHubAdvancedSecurity-CustomPlugins at main · stefanpems/cfs. From this repo, download the 2 manifest files (*manifest.yaml).

Now, open the Copilot for Security portal at https://securitycopilot.microsoft.com/.

On the prompt bar, click on the sources icon:

Click on the "Sources" icon

On the "Custom" section, click on the "Upload plugin" icon:

Click on the "Upload plugin" icon

Choose the plugin visibility (note: you may not be able to change it if you do not have the right to do so) and then select the "Copilot for Security plugin" button:

Select the plugin's visibility and type

Add the first of the 2 YAML files. For example, start with the GitHubAdvancedSecurityPlugin-Repo-Manifest.yaml file:

Add the first manifest YAML file
Finalize the upload by pushing the "Add" button

A message quickly appears confirming that the plugin was successfully loaded in Copilot. A new panel then appears asking you to enter the name of your GitHub Organization and the value of the "Personal access token (classic)" key (please refer to my other article on how to retrieve that key):

Set the two parameters: the name of the GitHub organization and the Personal access token for GitHub

For example:

Example of how to set these two parameters

Close the panel by clicking on the "Setup" button.

The plugin should now be visible in the list of custom plugins. It will be visible to others if you selected visibility at the organization level.

Repeat the same steps to add the second manifest YAML file. After this, you should have these 2 custom plugins:

View of the two custom plugins correctly installed

Please note that for a few seconds, on the right of the plugin name, you may see the button "Set up"...

Setup button

...instead of the toggle set on "On" (= configured):

Configured toggle

If so, just wait a few more seconds. If necessary, close and reopen the list of plugins. Ensure that the two plugins appear as correctly configured.

