
How to Secure the SDLC with GitHub Advanced Security

May 20, 2026
1:05:52

How can development teams secure modern software delivery without slowing innovation? As software development accelerates through rapid release cycles and AI-generated code, security and code quality challenges are becoming harder to manage. Vulnerabilities discovered late in the SDLC increase technical debt, while security teams struggle to keep pace with growing developer productivity.

In this session, discover how GitHub Advanced Security helps organizations shift security and code quality left by embedding security directly into the developer workflow. Learn how tools such as CodeQL, Dependabot, secret scanning with push protection, and AI-powered code analysis help teams identify and fix vulnerabilities before code is merged—enabling a faster, safer, and more scalable software delivery process. This session explores practical approaches to reducing security risk, improving maintainability, and moving toward a “found means fixed” engineering culture.

🔗 Learn more about Xebia Microsoft Services: https://xebia.com/partners/microsoft/

#GitHub #GitHubAdvancedSecurity #DevSecOps #ApplicationSecurity #CodeQL #Dependabot #SoftwareEngineering #CyberSecurity #SecureCoding #xebia

Time Stamps:
00:00 – Welcome & Introduction
01:52 – Meet Gino’s Gelato Security Story
04:50 – What Is GitHub Advanced Security?
06:14 – Secret Scanning Explained
07:05 – Live Demo: Secret Scanning & Push Protection
21:00 – Dependency Management with Dependabot
22:15 – Live Demo: Dependabot & AI-Powered Fixes
36:38 – Introduction to Code Scanning with CodeQL
38:15 – Live Demo: CodeQL, Autofix & Campaigns
41:00 – Understanding SQL Injection Vulnerabilities
45:18 – Using Copilot Autofix for Security Issues
51:20 – Preventing Vulnerabilities Before Merge
57:48 – Managing Security Backlogs with Campaigns
01:03:20 – Code Quality & Maintainability with CodeQL
01:05:23 – Key Takeaways & Final Thoughts

Xebia is a global AI-first, digital transformation, and engineering partner. With over 25 years of experience and a team of 4,500+ professionals across 16 countries, Xebia specializes in Artificial Intelligence, Data and Cloud, Intelligent Automation, and Digital Products and Platforms. With a strong focus on engineering excellence and a people-first culture, they equip organizations to apply emerging technologies that accelerate business innovation and drive sustainable competitive advantage. Xebia leads with a responsible and human-centric approach to AI, ensuring organizations shape a better tomorrow for all.

🌐 Explore More from Xebia
Website: https://www.xebia.com
Follow us on:
LinkedIn: https://in.linkedin.com/company/xebia
Instagram: https://www.instagram.com/life_at_xebia_global/
X: https://x.com/Xebia_Global
Facebook: https://www.facebook.com/XebiaGlobal

🔔 Subscribe for more insights on AI, Cloud, Software Engineering & Digital Transformation.
