Home

Welcome to the gh-advsec-devsecops wiki!

Key References

• https://github.com/microsoft/hve-core
• https://docs.github.com/en/copilot/how-tos/administer-copilot/manage-for-organization/prepare-for-custom-agents
• https://docs.github.com/en/copilot/concepts/agents/coding-agent/about-custom-agents
• https://dxrf.com/blog/2025/11/20/build-your-own-github-copilot-agent/

Security Plan Creator Custom Agent

Phase 3: Threat Assessment

Phase 5: Sample Security Plan Outputs

non-deterministic: https://github.com/devopsabcs-engineering/hve-core/blob/main/security-plan-outputs/security-plan-sample-web-app.md https://github.com/devopsabcs-engineering/gh-advsec-devsecops/blob/main/security-plan-outputs/security-plan-sample-web-app.md

can be for multiple apps: https://github.com/devopsabcs-engineering/gh-advsec-devsecops/blob/main/security-plan-outputs/security-plan-gh-aspnet-webapp.md

Custom Agents

See them in repository

Custom Security Agent

with workflow

Security Reviewer in VS Code

Interacting with Your Agent With your security reviewer agent active, you can ask questions like:

• “Review this authentication function for security issues”
• “Check this API endpoint for vulnerabilities”
• “Is this password hashing implementation secure?”
• “Scan this file for OWASP Top 10 vulnerabilities”

The agent will respond according to its instructions, focusing on security concerns.