You've completed building a full DevOps pipeline with scripts, configurations, and automation. Now it's time to master advanced GitHub Copilot features, improve code security, and create comprehensive documentation for everything you've built.
The purpose of this lab is to learn:
- Advanced prompt engineering techniques
- Security vulnerability detection and remediation
- Code quality improvements and refactoring
- Comprehensive documentation generation
- Workspace-aware Copilot features
- Security hardening best practices
- Master prompt patterns that work across all languages
- Use Copilot to identify and fix security issues
- Generate complete documentation suites
- Leverage
@workspacefor cross-file analysis - Implement security best practices
- Create reusable knowledge bases
- Completed Labs 1-5 (all scripts and configurations)
- All previous lab files available in workspace
- Security mindset and awareness of common vulnerabilities
Create a master prompt guide from all your learnings:
-
Create a new file named
MASTER_PROMPT_GUIDE.mdin the repository root. -
Ask Copilot Chat with
@workspacecontext:"Analyze all the prompts and interactions across the entire workspace. Create a comprehensive prompt engineering guide that includes: - Best prompt patterns for PowerShell scripting - Best prompt patterns for Python development - Best prompt patterns for YAML/configuration files - Best prompt patterns for Ansible playbooks - Best prompt patterns for GitHub Actions - When to use Chat vs Inline vs Agent modes - How to provide effective context - Common prompt mistakes to avoid - Examples from successful prompts in this workspace Organize by language/tool and include real examples." -
Review and enhance with your personal observations.
-
Add a "Quick Reference" section at the top with your most-used prompts.
-
Add a "Troubleshooting" section for when Copilot doesn't understand.
Use Copilot to audit your code for security issues:
-
Create a new file named
SECURITY_AUDIT.mdin the repository root. -
Open your PowerShell script from Lab 1 and ask Copilot Chat:
"Perform a security audit of this PowerShell script. Identify: - Hardcoded credentials or secrets - Command injection vulnerabilities - Path traversal risks - Insufficient input validation - Privilege escalation risks - Insecure file operations Provide specific line numbers and remediation steps" Document all findings in SECURITY_AUDIT.md. -
Choose a CRITICAL Security Issue found, ask Copilot:
"Fix the security Issue: [paste the problematic code]. Provide secure alternative with explanation"
-
Apply fixes to your scripts
Secure your Python applications:
- Open your Python scripts from Lab 2 and ask Copilot:
"Review this Python code for security vulnerabilities including:
- SQL injection (if database access exists)
- Command injection via subprocess
- Path traversal in file operations
- Insecure deserialization
- Unsafe use of eval/exec
- Missing input sanitization
- Dependency vulnerabilities
Provide fixes with secure coding patterns"
Document all security improvements in SECURITY_AUDIT.md.
- Ask Copilot to add input validation:
"Add comprehensive input validation to all functions that accept user input or external data. Use type hints and validation libraries"
- Ask Copilot to implement proper error handling:
"Review error handling and ensure sensitive information is not leaked in error messages. Add proper logging without exposing secrets"
Remove hardcoded secrets and implement secure patterns:
- Ask Copilot Chat with
@workspace:
"Scan the entire workspace for hardcoded secrets, API keys, passwords, connection strings, and credentials. List all findings with file paths and line numbers"
-
For each finding, ask Copilot:
"Replace this hardcoded credential with Azure Key Vault integration. Provide complete code for: - Connecting to Key Vault - Retrieving the secret - Error handling - Caching the secret securely Include necessary imports and configuration" -
Update your GitHub Actions workflows to use GitHub Secrets:
"Update this GitHub Actions workflow to use secrets instead of hardcoded values. Show how to: - Define secrets in GitHub - Reference them in workflows - Pass them securely to scripts - Mask sensitive output" -
Create a
SECRETS_MANAGEMENT.mdguide documenting your approach.
Use advanced Copilot features for cross-file improvements:
-
Ask Copilot Chat with
@workspace:"Analyze all scripts across the workspace and identify: - Duplicated code that could be refactored into shared functions - Inconsistent error handling patterns - Missing logging in critical operations - Inconsistent naming conventions - Missing docstrings/comments Provide a prioritized improvement plan" -
Create shared utility modules:
"Create a shared utilities module that consolidates common functions used across PowerShell and Python scripts. Include: - Logging configuration - Error handling wrappers - Configuration loading - Validation helpers Show how to import and use in existing scripts" -
Ask Copilot to generate unit tests:
"Generate comprehensive unit tests for [specific script]. Include: - Test cases for normal operation - Edge cases and boundary conditions - Error handling tests - Mock external dependencies - Use pytest for Python, Pester for PowerShell" -
Document the refactoring in
CODE_QUALITY_IMPROVEMENTS.md.
Generate compliance and security documentation:
-
Create
SECURITY_COMPLIANCE.mdand ask Copilot:"Generate a security compliance document for this DevOps pipeline covering: - Data protection measures (encryption at rest/transit) - Access control and authentication - Audit logging requirements - Secrets management approach - Network security considerations - Compliance with SOC 2, ISO 27001 principles - Incident response procedures Map each control to specific implementations in our code" -
Create a security checklist:
"Create a pre-deployment security checklist that covers: - Code review requirements - Security scanning tools to run - Secret detection verification - Access control validation - Monitoring and alerting setup - Backup and recovery procedures Make it actionable with yes/no checkboxes" -
Ask Copilot to generate a security incident response plan:
"Create an incident response runbook for common security scenarios: - Compromised credentials detected - Unauthorized access attempts - Data breach indicators - Malware detection Include detection, containment, and remediation steps"
Generate complete documentation for the entire project:
-
Update the main README.md:
"@workspace Create a comprehensive README.md for this repository that includes: - Project overview and purpose - Architecture diagram (Mermaid syntax) - Prerequisites and setup instructions - Lab-by-lab walkthrough with links - Security considerations - Deployment guide - Troubleshooting section - Contributing guidelines Make it professional and easy to follow" -
Generate API documentation for Python:
"Generate Sphinx-compatible docstrings for all Python functions and classes. Include: - Function purpose and behavior - Parameter descriptions with types - Return value descriptions - Raises (exception documentation) - Usage examples - Notes about security considerations" -
Create PowerShell module help:
"Add PowerShell comment-based help to all functions including: - .SYNOPSIS - .DESCRIPTION - .PARAMETER (for each parameter) - .EXAMPLE (multiple examples) - .NOTES (including security notes) - .LINK (to related documentation)" -
Generate architecture diagrams:
"Create Mermaid diagrams showing: - Overall system architecture - CI/CD pipeline flow - Data flow between components - Security boundaries and controls - Deployment topology Add these to ARCHITECTURE.md"
Add automated security testing:
-
Ask Copilot to create a security testing workflow:
"Create a GitHub Actions workflow that runs security scans: - Secret detection with tools like GitGuardian or TruffleHog - Dependency vulnerability scanning - Static code analysis for security issues - YAML/config validation - Fail the build on critical vulnerabilities - Generate security reports as artifacts" -
Add security linting to your CI/CD:
"Add security linters to the pipeline: - Bandit for Python security issues - PSScriptAnalyzer for PowerShell - ansible-lint with security rules - yamllint with security-focused rules Configure with strict security rules" -
Create a security baseline:
"Create a security baseline configuration file that defines: - Minimum security requirements - Allowed and blocked patterns - Required security controls - Compliance requirements Use this to validate all new code"
Create a searchable knowledge base:
-
Create
KNOWLEDGE_BASE.md:"@workspace Compile a knowledge base from all learnings including: - Common Issues and Solutions (troubleshooting guide) - Prompt Patterns Library (indexed by task type) - Security Patterns Catalog - Code Snippets Repository (reusable code blocks) - Tool-Specific Tips (PowerShell, Python, Ansible, GitHub Actions) - Performance Optimization Tips - Best Practices Summary Organize with a table of contents and make it searchable" -
Add a FAQ section:
"Generate an FAQ based on common questions about: - Using Copilot effectively - Security best practices - Troubleshooting common issues - Deployment procedures - Maintenance and updates" -
Create a lessons learned document:
"Reflect on the entire lab series and document: - Key takeaways for using Copilot in DevOps - What worked well and what didn't - Productivity improvements observed - Skills developed - Future recommendations Include specific examples and metrics if available"
Security-focused prompts:
- "Analyze this code for OWASP Top 10 vulnerabilities"
- "Generate a security test suite for this API"
- "Show me how to implement defense in depth for this service"
- "Create a threat model for this deployment architecture"
- "Add rate limiting and input sanitization to these endpoints"
Advanced workspace prompts:
- "@workspace Find all functions that handle user input and add validation"
- "@workspace Identify inconsistent error handling patterns"
- "@workspace Generate integration tests for the complete pipeline"
- "@workspace Create a migration guide for upgrading dependencies"
- "@workspace Find all TODOs and security FIXMEs"
- MASTER_PROMPT_GUIDE.md contains patterns from all labs
- Security audit completed for all scripts
- Hardcoded secrets removed and secure alternatives implemented
- Unit tests generated for critical functions
- Comprehensive documentation created
- Security testing automated in CI/CD
- Compliance documentation generated
- Knowledge base compiled
- All security fixes applied and tested
- Implement automated security scanning in pre-commit hooks
- Create a Copilot usage metrics dashboard
- Build a custom Copilot extension for your specific patterns
- Generate video documentation using Copilot for scripts
- Create a template repository with all best practices baked in
- Contribute security patterns back to the community
What you've accomplished:
- Lab 1: PowerShell monitoring and automation
- Lab 2: Python data processing and visualization
- Lab 3: YAML configuration management
- Lab 4: Ansible infrastructure automation
- Lab 5: GitHub Actions CI/CD pipeline
- Lab 6: Advanced Copilot features and security hardening
Skills mastered:
- Using GitHub Copilot across multiple languages and tools
- Security-first development practices
- Infrastructure as Code
- CI/CD pipeline automation
- Comprehensive documentation
- Prompt engineering mastery
You are now a GitHub Copilot Power User
Continue practicing these patterns in your daily work, contribute to your team's knowledge base, and keep security at the forefront of everything you build.