> securing_code --with ai
Use GitHub Advanced Security and GitHub Copilot to find and fix real security vulnerabilities in OWASP Juice Shop — an intentionally insecure web application.
1. Enable CodeQL, Dependabot, and secret scanning to discover vulnerabilities hiding in the codebase.
2. Use GitHub Copilot to explain what each vulnerability means and why it's dangerous.
3. Write secure code to remediate the findings, guided by Copilot and Autofix suggestions.
4. Confirm your fixes pass security analysis and the alerts are resolved.

Three tracks cover the full stack, plus a cross-cutting Copilot customization track. Start with Security, then branch out.

- 6 challenges · ~5 hours — Enable GHAS, discover vulnerabilities with CodeQL, fix issues with Copilot Autofix, secure dependencies, and configure push protection.
- 4 challenges · ~3 hours — Analyze the Juice Shop UI, define a design system, build modern components, and integrate everything into a polished experience.
- 4 challenges · ~3 hours — Explore the Express.js API, design new features, implement them with Copilot, and write comprehensive tests.

| Layer | Technology |
|---|---|
| Frontend | Angular, TypeScript |
| Backend | Express.js, Node.js |
| Database | SQLite (embedded) |
| Security Tools | CodeQL, Dependabot, Secret Scanning, GitHub Copilot |

- Official OWASP Juice Shop documentation and walkthrough companion guide.
- GitHub Advanced Security — code scanning, secret scanning, Dependabot, and more.
- Learn to use GitHub Copilot in your editor, terminal, and on GitHub.com.
- The definitive list of the most critical web application security risks.