GitHub Advanced Security Webinar

This repo demonstrates how to combine multiple code scanning tools using Github Actions and Github Advanced Security.

Steps to test

Fork this repository into your account
You will need to enable Actions in this repository. Go to Actions tab and click on I understand my workflows, go ahead and enabled them button.
Even though each workflow exists, you will need to approve it for your repo. On the next screen, select each workflow.
You should see This scheduled workflow is disabled because scheduled workflows are disabled by default in forks. warning. Click on Enable workflow button next to it.
Configure the following secrets for your environment
- AZURE_LOGIN_SECRET -> output from az ad sp create-for-rbac --sdk-auth
- AZURE_SERVICE_PRINCIPAL_CLIENT_ID -> Client ID from above
- AZURE_SERVICE_PRINCIPAL_CLIENT_SECRET -> Client Secret from above
- AZ_APPINSIGHTS_CONNECTION_STRING -> As per setup instructions from Microsoft.
- AZ_SUBSCRIPTION_TOKEN -> As per setup instructions from Microsoft.
Configure an environment titled production_environment
Each of the workflows have been configured for manual dispatch, select these as you require and execute.

The following repos are leveraged for examples:

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
.github		.github
app		app
armtemplates		armtemplates
semgrep-rules		semgrep-rules
terraform		terraform
README.md		README.md
SECURITY.md		SECURITY.md