As developers, we want to protect our products and avoid security problems in production: data leaks, access control errors, incorrect design, poorly implemented headers, and so on.

As part of a Shift-Left Security strategy, the aim is to check any of our developments as early as possible. In other words, we want to discover the security issues as early as possible and prevent them from reaching production. With this goal in mind, you are probably using static and dynamic code analysis tools in some of your pipelines right now, but... what if we could check our code from the beginning? What if we could check our work from the very moment we are developing it, or when we commit it locally, or if we could also check it in the first steps of a pipeline?

This talk proposes to combine the different tools provided by GitHub Copilot and GitHub Advanced Security to analyse our code from a practical point of view; always with the aim of getting feedback as soon as possible.