|
| 1 | +--- |
| 2 | +title: "Agentic DevSecOps Workshop" |
| 3 | +description: "Learn to use AI-powered DevSecOps agents — from zero to hero" |
| 4 | +--- |
| 5 | + |
| 6 | +# Agentic DevSecOps Workshop |
| 7 | + |
| 8 | +> Learn to use AI-powered DevSecOps agents — from zero to hero |
| 9 | +
|
| 10 | +This hands-on workshop teaches you how to integrate GitHub Copilot custom agents |
| 11 | +into your DevSecOps workflows. You will configure security scanners, accessibility |
| 12 | +checkers, code quality analyzers, and FinOps cost gates, all powered by AI agents |
| 13 | +that produce SARIF-compliant findings visible in the GitHub Security tab. |
| 14 | + |
| 15 | +By the end of this workshop you will be able to run automated security, accessibility, |
| 16 | +and code quality scans from your IDE and CI/CD pipelines, interpret SARIF output, |
| 17 | +and build your own custom agent. |
| 18 | + |
| 19 | +## Who Is This For? |
| 20 | + |
| 21 | +| Audience | What You Will Learn | |
| 22 | +|---|---| |
| 23 | +| **Developers** | Run AI-powered scans from VS Code using Copilot agents | |
| 24 | +| **DevOps Engineers** | Wire agent-driven workflows into GitHub Actions pipelines | |
| 25 | +| **Security Engineers** | Understand SARIF output and integrate findings into governance | |
| 26 | +| **Platform Engineers** | Extend the framework with custom agents for your organization | |
| 27 | + |
| 28 | +## Prerequisites |
| 29 | + |
| 30 | +Before starting Lab 00, ensure you have the following: |
| 31 | + |
| 32 | +- [Visual Studio Code](https://code.visualstudio.com/) (latest stable) |
| 33 | +- [Node.js](https://nodejs.org/) v20 or later |
| 34 | +- [Git](https://git-scm.com/) 2.40 or later |
| 35 | +- A [GitHub account](https://github.com/) with |
| 36 | + [GitHub Copilot](https://github.com/features/copilot) access |
| 37 | +- GitHub Copilot Chat extension installed in VS Code |
| 38 | + |
| 39 | +## Labs |
| 40 | + |
| 41 | +Work through the labs in order. Each lab builds on the previous one. |
| 42 | + |
| 43 | +- [ ] [Lab 00 - Prerequisites and Environment Setup](labs/lab-00-setup.md) _(30 min, Beginner)_ |
| 44 | +- [ ] [Lab 01 - Explore the Sample App](labs/lab-01.md) _(25 min, Beginner)_ |
| 45 | +- [ ] [Lab 02 - Understanding Agents, Skills, and Instructions](labs/lab-02.md) _(20 min, Beginner)_ |
| 46 | +- [ ] [Lab 03 - Security Scanning with Copilot Agents](labs/lab-03.md) _(40 min, Intermediate)_ |
| 47 | +- [ ] [Lab 04 - Accessibility Scanning with Copilot Agents](labs/lab-04.md) _(35 min, Intermediate)_ |
| 48 | +- [ ] [Lab 05 - Code Quality Analysis with Copilot Agents](labs/lab-05.md) _(35 min, Intermediate)_ |
| 49 | +- [ ] [Lab 06 - Understanding SARIF Output](labs/lab-06.md) _(30 min, Intermediate)_ |
| 50 | +- [ ] [Lab 07 - Setting Up GitHub Actions Pipelines](labs/lab-07.md) _(40 min, Intermediate)_ |
| 51 | +- [ ] [Lab 08 - Viewing Results in GitHub Security Tab](labs/lab-08.md) _(25 min, Intermediate)_ |
| 52 | +- [ ] [Lab 09 - FinOps Agents and Azure Cost Governance](labs/lab-09.md) _(45 min, Advanced)_ ⭐ Optional |
| 53 | +- [ ] [Lab 10 - Agent Remediation Workflows](labs/lab-10.md) _(45 min, Advanced)_ |
| 54 | +- [ ] [Lab 11 - Creating Your Own Custom Agent](labs/lab-11.md) _(45 min, Advanced)_ |
| 55 | + |
| 56 | +## Delivery Tiers |
| 57 | + |
| 58 | +Choose the tier that fits your schedule: |
| 59 | + |
| 60 | +| Tier | Labs | Duration | Audience | |
| 61 | +|---|---|---|---| |
| 62 | +| **Half-Day** | Labs 00 – 05 | ~3 hours | First exposure to agent-driven scanning | |
| 63 | +| **Full-Day** | Labs 00 – 08 | ~5.5 hours | End-to-end pipeline integration | |
| 64 | +| **Extended** | Labs 00 – 11 | ~7.5 hours | Deep dive including FinOps, remediation, and custom agents | |
| 65 | + |
| 66 | +## Lab Dependency Diagram |
| 67 | + |
| 68 | +```mermaid |
| 69 | +graph LR |
| 70 | + L00[Lab 00: Setup] --> L01[Lab 01: Sample App] |
| 71 | + L01 --> L02[Lab 02: Agents & Skills] |
| 72 | + L02 --> L03[Lab 03: Security] |
| 73 | + L02 --> L04[Lab 04: Accessibility] |
| 74 | + L02 --> L05[Lab 05: Code Quality] |
| 75 | + L03 --> L06[Lab 06: SARIF] |
| 76 | + L04 --> L06 |
| 77 | + L05 --> L06 |
| 78 | + L06 --> L07[Lab 07: GitHub Actions] |
| 79 | + L07 --> L08[Lab 08: Security Tab] |
| 80 | + L07 --> L09[Lab 09: FinOps] |
| 81 | + L08 --> L10[Lab 10: Remediation] |
| 82 | + L10 --> L11[Lab 11: Custom Agent] |
| 83 | +
|
| 84 | + style L09 stroke-dasharray: 5 5 |
| 85 | +``` |
| 86 | + |
| 87 | +Labs 03, 04, and 05 can be completed in any order. Lab 09 is optional and does |
| 88 | +not block later labs. |
| 89 | + |
| 90 | +## Getting Started |
| 91 | + |
| 92 | +1. Click **"Use this template"** at the top of this repository to create your |
| 93 | + own copy. |
| 94 | +2. Clone the new repository to your local machine. |
| 95 | +3. Open the repository in VS Code. |
| 96 | +4. Start with [Lab 00 - Prerequisites and Environment Setup](labs/lab-00-setup.md). |
| 97 | + |
| 98 | +## Credits |
| 99 | + |
| 100 | +This workshop is built on the |
| 101 | +[Agentic DevSecOps Framework](https://github.com/devopsabcs-engineering/agentic-devsecops-framework), |
| 102 | +which provides the agents, skills, instructions, and sample application used |
| 103 | +throughout the labs. |
| 104 | + |
| 105 | +## License |
| 106 | + |
| 107 | +This project is licensed under the [MIT License](LICENSE). |
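Review bot: The Prerequisites list (new lines 30-37) covers only the local tooling for Lab 00, yet the intro promises findings "visible in the GitHub Security tab" and Labs 07 to 09 rely on GitHub Actions, the Security tab and Azure. Add what the copy created with "Use this template" needs for those labs (Actions enabled, code scanning available for the repository's visibility, an Azure subscription for the optional Lab 09), so a missing entitlement is found before the workshop rather than at Lab 08. Two smaller points: the Lab 00 link targets `labs/lab-00-setup.md` while every other lab uses the `labs/lab-NN.md` pattern, and the same path is repeated in Getting Started step 4, so confirm the file name; and "Each lab builds on the previous one" under Labs contradicts the later statement that Labs 03, 04, and 05 can be completed in any order and that Lab 09 does not block later labs, so reword the first sentence to point at the dependency diagram.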