AI-assisted development: how to build and ship with confidence

webmaxru 182 views 19 slides Aug 28, 2024

About This Presentation

Adoption of AI-powered tools for development is trending. It changes the way we write and ship code, simplifies collaboration, and fundamentally changes how we can prevent vulnerabilities from entering our code. How can we use AI assistants to build and ship with confidence? In my session, we use Gi...


Slide Content

AI-assisted development: how to build and ship with confidence
Maxim Salnikov

Maxim Salnikov
•Building on the web platform since the 90s
•Organizing developer communities and technical conferences
•Speaking, training, blogging: Webdev, Cloud, AI-assisted development
Helping developers succeed with the productivity tools at Microsoft

AI tools' impact on developer experience (chart)
Less time on: Writing Tests, Repetitive Code & Boilerplate; Searching Documentation; Manually Finding Vulnerabilities; Deciphering Existing Code; Summarizing Changes and Comments; Correcting Syntax; Learning Git Commands
Focus on what matters most: Collaborating; Designing; Brainstorming; Iterating; Planning; Debugging

https://github.blog/news-insights/research/survey-reveals-ais-impact-on-the-developer-experience/
•1:100 security team members to developers
•Shifting the burden of security practices to developers
•45% of developers think teams will benefit from using AI to facilitate security reviews

AI-assisted coding (diagram)
•LLM trained on large amounts of code
•IDE with file(s) open for editing
•Prompt + local context
•Code suggestion

Potential threats
•Outdated and/or flawed patterns
•Reinforcing bad practices
•Skipping detailed reviews
•Overlooking security

GitHub Copilot Workspace (Sign up for the Tech Preview)

GitHub Copilot in the Software Development Lifecycle
1. Planning
2. Analysis
3. Design
4. Implementation
5. Testing & Integration
6. Maintenance
•Refactoring code
•Explaining code
•Writing documentation
•Code suggestions
•Converting comments to code
•Autofill for repetitive code
•Showing alternatives
•Writing tests
•Fixing code errors
•Summarizing pull requests
•Guiding on configuring local environment
https://en.wikipedia.org/wiki/Systems_development_life_cycle

Disclaimer / CTA
•Security is everyone's responsibility – “Shift left”!
•Teams must employ safeguards at multiple stages of the SDLC – Do not rely on a single stage/product
•AI assistants may sometimes suggest insecure code – Trust but verify
•AI assistants leverage a variety of security measures – Know your tool!
YOU are the Pilot

GitHub Copilot is aiding secure development
•In scope of ISO 27001 certificate
•Encryption in transit and at rest
•Removing sensitive information
•Vulnerability prevention system
•Powers multiple stages of the SDLC

AI-based vulnerability prevention system
•Hardcoded credentials
•SQL injections
•Path injections

Demo recordings are available on YouTube

GitHub Advanced Security
•Secret scanning * – AI-powered
•Dependency review * – Dependabot
•Code scanning * – SAST with CodeQL
•Found means fixed – Autofix
* Free for public repositories on GitHub

CodeQL treats code like data
1. Generate a CodeQL database from your code
2. Write & run CodeQL queries to identify problems
3. Integrate with your development pipeline
https://docs.github.com/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql

Code scanning + Autofix flow (diagram: code scanning → Copilot API)
https://github.blog/engineering/fixing-security-vulnerabilities-with-ai/

Pre- and post-processing
•Selecting code to show the model
•Adding dependencies
•Specifying a format for code edits
•Overcoming model errors

LLM Prompt contains
•General information about this type of vulnerability
•The source-code location and content of the alert message
•Relevant code snippets from the locations all along the flow path and any code locations referenced in the alert message
•Specification of the response
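To make the Autofix flow and the four prompt components above concrete, here is an added Python example (not code from the talk or from GitHub's Autofix) that takes a code scanning alert in SARIF form, pulls the alert message, the flow-path locations and the surrounding source lines, and assembles them into a fix prompt. The SARIF fragment, file contents, rule id and background text are all constructed for the example.

```python
import json
# Constructed SARIF 2.1.0 fragment standing in for one code scanning alert; the
# rule id, file names and line numbers are hypothetical, not a real CodeQL result.
SAMPLE_SARIF = json.loads('''{"runs": [{"results": [{
  "ruleId": "py/sql-injection",
  "message": {"text": "This SQL query depends on a user-provided value."},
  "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/db.py"},
                                      "region": {"startLine": 3}}}],
  "codeFlows": [{"threadFlows": [{"locations": [
    {"location": {"physicalLocation": {"artifactLocation": {"uri": "app/views.py"},
                                       "region": {"startLine": 2}}}},
    {"location": {"physicalLocation": {"artifactLocation": {"uri": "app/db.py"},
                                       "region": {"startLine": 3}}}}]}]}]}]}]}''')

# Constructed source files, one list of lines per path (SARIF line numbers are 1-based).
SAMPLE_FILES = {
    "app/views.py": ["def search(request):", "    term = request.args['q']",
                     "    return find_users(term)"],
    "app/db.py": ["def find_users(term):", "    cur = conn.cursor()",
                  "    cur.execute(\"SELECT * FROM users WHERE name = '\" + term + \"'\")",
                  "    return cur.fetchall()"],
}
# General information about the vulnerability type, keyed by rule id.
BACKGROUND = {"py/sql-injection": "SQL built by concatenating untrusted input lets that "
              "input change the query; use a parameterised query instead."}

def _loc(physical):  # (path, 1-based line) of a SARIF physicalLocation object
    return physical["artifactLocation"]["uri"], physical["region"]["startLine"]

def _snippet(files, path, line, context=1):
    """Numbered source lines around `line`, clipped to the file bounds."""
    src = files[path]
    lo, hi = max(1, line - context), min(len(src), line + context)
    return "\n".join(f"{path}:{n}: {src[n - 1]}" for n in range(lo, hi + 1))

def build_fix_prompt(sarif, files, background):
    """Assemble the four prompt parts for the first alert in a SARIF log."""
    res = sarif["runs"][0]["results"][0]
    alert = _loc(res["locations"][0]["physicalLocation"])
    steps = [_loc(s["location"]["physicalLocation"]) for cf in res.get("codeFlows", [])
             for tf in cf["threadFlows"] for s in tf["locations"]]
    locs = list(dict.fromkeys(steps + [alert]))  # flow path in order, alert last, no repeats
    return {
        "rule": res["ruleId"],
        "background": background[res["ruleId"]],
        "alert": f"{alert[0]}:{alert[1]}: {res['message']['text']}",
        "snippets": [_snippet(files, p, n) for p, n in locs],
        "response_spec": "Reply with a unified diff that fixes the alert and one sentence explaining it.",
    }
```

The returned dictionary maps one-to-one onto the prompt components listed on the slide, so the model sees the source and the sink of the taint path rather than only the line the alert points at.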

Results
•90% of vulnerability types detected (JS, TS, Java, Python)
•2/3 of the Autofix suggestions can be merged with little to no edits
•Natural language description of the vulnerability and its fix
•Full flow directly in the workspace

GitHub Copilot Trust Center
https://resources.github.com/copilot-trust-center/
•Security
•Privacy
•IP and Open Source
•Labor Market

Maxim Salnikov – CONNECT AND ASK