Agentic DevSecOps · 4-Workshop Series

Agentic DevSecOps

Securing the Entire Delivery System for the AI-Native Era

"DevSecOps in the AI-native era is not only about shifting security left. It is about securing the entire delivery system."
4 Workshops
12 Exercises
2–3 Hours Total
Start Workshop 1 Back to Workshop Collection

One Question Per Workshop

Each workshop answers a single driving question. Together they form a closed-loop security operating model.

Workshop 1
"WHERE does development happen?"
Foundation
Workshop 2
"WHAT prevents bad code?"
Prevention
Workshop 3
"HOW do we trust the pipeline?"
Integrity
Workshop 4
"WHAT when things go wrong?"
Resilience
🛡️
Trust
🔒
Guardrails
🔗
Integrity
🔄
Response
🔁
Feedback
GitHub Copilot — Cross-Cutting Agentic Layer
NIST SSDF: PO PW PS RV

The Workshops

Four workshops, three exercises each. Build security into every layer of your delivery system.

🛡️
Workshop 1

Trust Boundary & Platform Trust

PO
"WHERE does development happen?"
Data Residency EMU GHE.com Copilot Policies
  1. 1 Explore Boundary
  2. 2 Identity & Access
  3. 3 Copilot Enforcement
30–45 min Start Workshop →
🔒
Workshop 2

Secure by Design Guardrails

PW
"WHAT prevents bad code from landing?"
GHAS CodeQL Push Protection Copilot Autofix Security Campaigns
  1. 1 Policy Guardrails
  2. 2 Detection Guardrails
  3. 3 AI Remediation
30–45 min Start Workshop →
🔗
Workshop 3

Supply Chain Integrity

PS
"HOW do we trust the delivery path?"
OIDC Artifact Attestation Defender for Cloud
  1. 1 OIDC Deployment
  2. 2 Attestation & Provenance
  3. 3 Code-to-Runtime Trace
30–45 min Start Workshop →
🔄
Workshop 4 — Grand Finale

Operational Response

RV
"WHAT happens when things go wrong?"
SRE Agent Copilot Coding Agent MTTR Feedback Loop
  1. 1 Incident Detection
  2. 2 AI-Assisted Remediation
  3. 3 Continuous Improvement
30–45 min Start Workshop →

Cross-Workshop Artifacts

Three living documents thread across all four workshops, building incrementally as you progress.

📄
.github/copilot-instructions.md
Created WS1 Updated WS4
📋
THREAT-MODEL.md
Created WS2 Updated WS3 Extended WS4
📊
MTTR-TRACKER.md
Used in WS4

Key Takeaways

🔐 DevSecOps is no longer only about shifting left.
🌏 Data Residency defines the trust boundary of modern development.
🤖 Copilot is the agentic layer that accelerates every security viewpoint.
🔄 The winning model is: Trust → Guardrails → Visibility → Response → Feedback.
"Secure the delivery system, not only the code."