Integration of GhAS in Copilot for Security - Logic App Creation
This article is part of a series on how to install and use two custom (unofficial!) plugins, just released, that integrate GitHub Advanced Security (GhAS) with Copilot for Security. Please start from the first article: Copilot for Security Custom Plugin for GitHub Advanced Security | LinkedIn
In this article I show how to create an Azure Logic App that interacts with Copilot for Security. Although the prompts included in the flow are designed to call the custom plugin for GitHub Advanced Security, what I show here is generic and can be applied to any Logic App that uses the Copilot for Security connector.
This sample Logic App generates a periodic report of the scans performed by GitHub Advanced Security (code scanning, dependency scanning and secret scanning). The resulting email looks like this:
Let me anticipate something really, really interesting: aside from the outer HTML structure of the email, which was explicitly added to the Logic App, the retrieval of the data, the selection of the fields and even the HTML formatting of the content are done by Copilot for Security according to my instructions written in natural language: not a single line of custom code was developed for this complex sequence of tasks. This is part of the native GPT-4 large language model capabilities included in Copilot for Security.
Let's start! Open the Azure portal and create a new Logic App. Typically, you will want to select the Consumption plan:
Set a starting trigger, for example a daily recurrence:
Add a "Submit a Copilot for Security prompt" action:
Proceed with the OAuth sign-in to create the connection used by this flow:
Before continuing, you may want to add a parameter to hold the GitHub organization name:
Start editing the "Submit a Copilot for Security prompt" action. For example, you can change its title and write a prompt for Copilot with text like this:
It is very useful to specify the format we want for the output, as highlighted in the screenshot above: Copilot will format the result accordingly. It is also useful to state explicitly what we do and do not want to see in the output.
You may want to add further prompts to the same Copilot session. In our example, let's add two more prompts: one to obtain the alerts from Dependabot scanning and the other to obtain the alerts from code scanning. Both of these prompts, like the first one, use the custom plugin for GitHub Advanced Security.
In these new prompts, make sure to set the same sessionId as the first prompt:
Because the new prompts run in the same session as the first one, we do not need to pass the input parameters again:
Now add three "Parse JSON" actions, one for each of the three calls made to Copilot. They extract the relevant part of Copilot's output:
Click the object selector and select the "Body" of Copilot's response:
Use this schema:
{
    "properties": {
        "Evaluation Result Content": {
            "type": "string"
        },
        "Evaluation Result Type": {
            "type": "string"
        },
        "Prompt Content": {
            "type": "string"
        },
        "SessionId": {
            "type": "string"
        },
        "Skill Name": {},
        "Skill Sources": {
            "type": "array"
        }
    },
    "type": "object"
}
So, you should have something like this:
Repeat this to parse the output of the other two interactions with Copilot. You should now have something like this:
Now, let's create a variable for building well-formatted HTML for the emailBody:
Add the HTML for the body of a well-formatted email, and place the results of the Parse JSON actions inside the HTML structure.
This is the HTML added to the body:
<!DOCTYPE html>
<html>
<style>
  .notification-table-header {
    width: auto;
    border-top: none;
    background: #0078D4;
    font-size: 11.0pt;
    color: white;
    font-weight: bold;
    margin-left: 10px;
    text-align: left;
    border: none;
    border-bottom: solid white 1.5pt;
  }
  .notification-table-text {
    margin-left: 5px;
    width: 70%;
    text-align: left;
    border: none;
    border-bottom: solid white 1.5pt;
    background: #FAFAFA;
    font-size: 12.0pt;
    height: 20.05pt;
  }
  .notification-card-footer span {
    font-size: 12.0pt;
    color: #000000;
  }
  .notification-card-footer p {
    vertical-align: baseline;
  }
  .notification-body {
    margin: 0 auto;
    text-align: center;
    width: 650px;
    border: 1px black;
    border-collapse: collapse;
    background-color: #CCE4F6;
  }
</style>
<body style="background-color: #dfdfdf;">
  <table style="width:100%;">
    <tr>
      <td style="padding:0;">
        <div align="center">
          <table class="notification-body">
            <tr style="border: 1px grey; border-top:none;">
              <td>
                <p style='font-size:5.0pt;'>
                  <span> </span>
                </p>
                <table style='width:590px;margin:0 auto;border-collapse:collapse;'>
                  <tr class="notification-card-footer">
                    <td>
                      <p style='text-align:left; font-size:12.0pt;'><b>Daily report for GitHub Advanced Security scannings.</b></p>
                      <p style='text-align:left; font-size:12.0pt;'>Details: </p>
                    </td>
                  </tr>
                  <tr>
                    <td class="notification-table-header">
                      <span> Dependabot scanning results:</span>
                    </td>
                  </tr>
                  <tr>
                    <td class="notification-table-text">
                      <span>@{body('Parse_Dependabot_scanning_call')?['Evaluation Result Content']}</span>
                    </td>
                  </tr>
                  <tr class="notification-card-footer">
                    <td>
                      <p style='text-indent:36.0pt;'>
                        <span style='font-size:10.0pt;'> </span>
                      </p>
                    </td>
                  </tr>
                  <tr>
                    <td class="notification-table-header">
                      <span> Code scanning results:</span>
                    </td>
                  </tr>
                  <tr>
                    <td class="notification-table-text">
                      <span>@{body('Parse_Code_scanning_call')?['Evaluation Result Content']}</span>
                    </td>
                  </tr>
                  <tr class="notification-card-footer">
                    <td>
                      <p style='text-indent:36.0pt;'>
                        <span style='font-size:10.0pt;'> </span>
                      </p>
                    </td>
                  </tr>
                  <tr>
                    <td class="notification-table-header">
                      <span> Secrets scanning results:</span>
                    </td>
                  </tr>
                  <tr>
                    <td class="notification-table-text">
                      <span>@{body('Parse_Secrets_scanning_call')?['Evaluation Result Content']}</span>
                    </td>
                  </tr>
                  <tr class="notification-card-footer">
                    <td>
                      <p style='text-indent:36.0pt;'>
                        <span style='font-size:10.0pt;'> </span>
                      </p>
                    </td>
                  </tr>
                  <tr class="notification-card-footer">
                    <td>
                      <p style='text-align:center;'>
                        <span style='font-size:12.0pt;'>To learn more about your environment's GitHub Advanced Security scanning results please click <a >here</a>.</span><br>
                      </p>
                    </td>
                  </tr>
                </table>
              </td>
            </tr>
          </table>
        </div>
      </td>
    </tr>
  </table>
</body>
</html>
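As an added example (not part of the article, and not Microsoft's connector code), the following Python stands in offline for the three Parse JSON actions and the emailBody variable: it checks constructed sample response bodies against the schema given earlier, verifies that all three prompts share one SessionId as the workflow requires, and fills the three sections of the template the way the @{body('Parse_...')?['Evaluation Result Content']} expressions do. The sample bodies, the session id and the alert text are constructed.

```python
import json
# Schema exactly as given in the article's Parse JSON action.
COPILOT_RESPONSE_SCHEMA = {
    "properties": {
        "Evaluation Result Content": {"type": "string"},
        "Evaluation Result Type": {"type": "string"},
        "Prompt Content": {"type": "string"},
        "SessionId": {"type": "string"},
        "Skill Name": {},
        "Skill Sources": {"type": "array"},
    },
    "type": "object",
}
_PY_TYPES = {"string": str, "array": list, "object": dict}

def parse_copilot_body(raw: str) -> dict:
    """Stand-in for one Parse JSON action: decode the connector's body and
    check every declared type, so a malformed response fails the run instead
    of quietly producing an empty section in the email."""
    obj = json.loads(raw)
    if not isinstance(obj, _PY_TYPES[COPILOT_RESPONSE_SCHEMA["type"]]):
        raise ValueError("response body is not a JSON object")
    for name, sub in COPILOT_RESPONSE_SCHEMA["properties"].items():
        want = sub.get("type")  # "Skill Name" has no type: anything is accepted
        if want and name in obj and not isinstance(obj[name], _PY_TYPES[want]):
            raise ValueError(f"{name!r} should be {want}")
    return obj

def build_email_body(parsed: dict) -> str:
    """Fill the template's three sections like the article's
    @{body('Parse_...')?['Evaluation Result Content']} expressions do, after
    checking that all prompts ran in the single session the article asks for."""
    sessions = {r.get("SessionId") for r in parsed.values()}
    if len(sessions) != 1:
        raise ValueError(f"prompts ran in different sessions: {sessions}")
    rows = []
    for section, r in parsed.items():
        content = r.get("Evaluation Result Content", "")
        rows.append(f'<tr><td class="notification-table-header"><span> {section} scanning results:</span></td></tr>')
        rows.append(f'<tr><td class="notification-table-text"><span>{content}</span></td></tr>')
    return '<table class="notification-body">' + "".join(rows) + "</table>"

# Constructed sample connector outputs (not real Copilot responses).
SAMPLE_BODIES = {
    "Dependabot": '{"Evaluation Result Content": "<ul><li>lodash (high)</li></ul>", "SessionId": "s-1", "Skill Sources": []}',
    "Code": '{"Evaluation Result Content": "<p>No open alerts.</p>", "SessionId": "s-1", "Skill Sources": []}',
    "Secrets": '{"Evaluation Result Content": "<p>No open alerts.</p>", "SessionId": "s-1", "Skill Sources": []}',
}
EMAIL_BODY = build_email_body({k: parse_copilot_body(v) for k, v in SAMPLE_BODIES.items()})
```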
Add a second workflow parameter, this time named "EmailRecipients":
Add a "Send an email (V2)" action. Proceed with the sign-in needed to create the connection to Exchange Online:
Set the fields of the action using the EmailRecipients parameter and the emailBody variable, both inserted as dynamic content.
Save your workflow:
Go to the Overview page and run the workflow as a test:
The recipients will receive an email like the following:
During or after the execution of the Logic App, you can open its "Run history" and inspect the details of the run:
For example, you can look at the output of each call made to Copilot:
Note that you can find the same evidence in the Copilot for Security portal by opening the session generated by the workflow!
Note: make sure your Copilot for Security capacity in Azure has enough SCUs; otherwise your workflows may fail with an HTTP 500 "Internal Server Error" exception (message: "BadGateway") until capacity is available again.