Ship fast, stay secure: from code to runtime | OD841

Microsoft Developer · Beginner ·🤖 AI Agents & Automation ·1mo ago
Skills: AI Security80%

Key Takeaways

Secures code to runtime using Defender for Cloud and GitHub Advanced Security

Original Description

You write the code. You own the pipeline. Now security is yours too — but it doesn't have to slow you down. See how Defender for Cloud and GitHub Advanced Security catch vulnerabilities where you already work: your CLI, your repo, your pull request, your cloud. No workflow changes required. To learn more, please check out these resources: * https://aka.ms/build26-next-steps 𝗦𝗽𝗲𝗮𝗸𝗲𝗿𝘀: * James Brotsos 𝗦𝗲𝘀𝘀𝗶𝗼𝗻 𝗜𝗻𝗳𝗼𝗿𝗺𝗮𝘁𝗶𝗼𝗻: This is one of many sessions from the Microsoft Build 2026 event. View even more sessions on-demand and learn about Microsoft Build at https://build.microsoft.com OD841 | English (US) | Responsible AI Pre-recorded | (300) Advanced #MSBuild Chapters: 0:00 - Introduction by James Brotsos and Overview of 'Ship Fast, Stay Secure' 00:00:42 - Explaining Developer-Security Collaboration Challenges 00:01:14 - Embedding Security into Developer Workflows 00:01:53 - Integration Between Microsoft Defender for Cloud and GitHub Advanced Security 00:02:27 - Demo Introduction and Setup of MDASH Scanner 00:02:52 - Overview of MDASH Multi-Agent AI Scanning Pipeline 00:03:33 - Running MDASH Scan and Discovering Non-Pattern Vulnerabilities 00:04:08 - AI-Assisted Fixing of Vulnerabilities through Copilot 00:05:05 - Developer Review Process in VS Code and Pull Request Security Feedback 00:07:15 - Switching to Security Manager View: Application Security Initiative Dashboard 00:09:16 - Attack Path Analysis: Mapping Code Vulnerabilities to Cloud Risk 00:12:00 - GitHub Integration for Issue Creation and Automated Fix Suggestions 00:13:33 - AI Model Security: Detecting Malicious Pickle Artifacts and Model Risks 00:16:01 - End-to-End AI Security in Pipelines 00:17:15 - Summary of Full AI-Powered Security Lifecycle from Code to Cloud
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Related Reads

📰
I Built an AI Chatbot for Fun. It Broke in a Way That Taught Me Database Design.
Learn how building a broken AI chatbot can teach valuable database design lessons and improve your understanding of data storage and retrieval
Medium · Data Science
📰
The first paid AI API request should be a receipt, not a leap of faith
Ensure your AI API onboarding flow includes a payment receipt before committing to paid requests, to avoid unexpected charges
Dev.to AI
📰
AI, Vibe Coding, and the Rise of SynthClaw Coagent: The Future of Developer Productivity
Learn how AI, vibe coding, and SynthClaw Coagent are revolutionizing developer productivity and reshaping the tech landscape
Dev.to AI
📰
We let an AI reviewer approve and merge its own PRs — here's the open-source gate that makes it safe
Learn how to safely let AI reviewers approve and merge their own PRs using an open-source gate
Dev.to AI

Chapters (15)

Introduction by James Brotsos and Overview of 'Ship Fast, Stay Secure'
0:42 Explaining Developer-Security Collaboration Challenges
1:14 Embedding Security into Developer Workflows
1:53 Integration Between Microsoft Defender for Cloud and GitHub Advanced Security
2:27 Demo Introduction and Setup of MDASH Scanner
2:52 Overview of MDASH Multi-Agent AI Scanning Pipeline
3:33 Running MDASH Scan and Discovering Non-Pattern Vulnerabilities
4:08 AI-Assisted Fixing of Vulnerabilities through Copilot
5:05 Developer Review Process in VS Code and Pull Request Security Feedback
7:15 Switching to Security Manager View: Application Security Initiative Dashboard
9:16 Attack Path Analysis: Mapping Code Vulnerabilities to Cloud Risk
12:00 GitHub Integration for Issue Creation and Automated Fix Suggestions
13:33 AI Model Security: Detecting Malicious Pickle Artifacts and Model Risks
16:01 End-to-End AI Security in Pipelines
17:15 Summary of Full AI-Powered Security Lifecycle from Code to Cloud
Up next
Headroom: Revolutionizing AI with Smart Token Compression #shorts
Income stream surfers
Watch →