How to Get the Most Value from GitHub Copilot without Creating Security Risks


On March 22, 2023, Microsoft announced the release of a new version of GitHub Copilot, its AI-assisted coding tool. Based on OpenAI’s GPT-4 multimodal large language model, the new solution adds chatbot functionality similar to Microsoft 365 Copilot. The chatbot sits inside integrated development environments (IDEs), allowing programmers to enter natural language requests.

The original GitHub Copilot solution integrates with popular code editors and offers code suggestions in real-time. The new version is more like a programming assistant, with the ability to rewrite code, look for security vulnerabilities and fix bugs. It can even analyze legacy software with limited documentation and explain how it functions, enabling programmers to spend less time reading and more time doing productive work.

Like Microsoft 365 Copilot, GitHub Copilot also creates significant security risks. Development teams must ensure that their environments and data are set up properly to prevent the introduction of vulnerabilities and the exposure of intellectual property.


Developing Useful Code

GitHub Copilot does a phenomenal job of creating useful code segments. You could ask it to write PowerShell code that takes the output of library A, transforms the data in a specified way, and puts it into library B. It will understand the variables, reference the two libraries and perform the transformations.

Or let’s say you need to extract the date value from a DATETIME field in a SQL database and store it in a Redshift database using a particular Amazon API library. As long as the input and output vectors are defined correctly and Copilot can actively access the libraries, it will connect to your SQL instance, query the DATETIME field, truncate it to just the date itself, and insert the result into the Redshift database.

These are obviously simple examples of things a programmer could do easily. However, GitHub Copilot can do them faster with 100 percent accuracy — as long as all the information is set up correctly.


DevOps Pipeline Integration

GitHub Copilot is far more powerful when actively integrated into a DevOps pipeline. It can see the components that other people on your team are developing, and understand how the code it is writing for you needs to work with other code in the environment. That enables it to do a lot more of the coder’s job.

But that’s how security risks arise. Like Microsoft 365 Copilot, GitHub Copilot will crawl your entire environment looking for anything that might be relevant. It can grab source code from any projects it has access to, and reference libraries and connectors to those projects as well.

If you’re not securing your development data correctly, GitHub Copilot can pull code out of high-security, high-compliance environments and expose it to individuals who have no business accessing it. In fact, it can pull whole libraries out of a secure project and put them into another application. And if your libraries aren’t tagged correctly, it can pull in the wrong libraries when it tries to resolve references in the source code.


How DeSeMa Can Help

As with Microsoft 365 Copilot, you need to ensure that your data is accurate and properly categorized before unleashing the tool. All of the code sitting in your GitHub repositories must be actively managed so that the inputs and outputs are tagged and flagged correctly. You also need to make sure that you’re using easily identifiable data types so that Copilot can understand what variables a library needs to operate and what components are optional or internal.

The DeSeMa team includes experienced programmers with expertise in commonly used IDEs and the GitHub environment. We can help you set up your code repositories correctly so that you can maximize the value of GitHub Copilot without creating security risks.

Get Started Today!