Hackathon Challenges
8–10 hours of breaking, fixing, and building a real-world web application — with GitHub Copilot as your AI pair programmer and GitHub Advanced Security watching your back.
Tracks at a Glance
| Track | Challenge | Title | Est. Time |
|---|---|---|---|
| Copilot Customization | C-00 | Customize Your Copilot Experience | 60 min |
| Security | S-00 | Prerequisites & Security Setup | 30 min |
| S-01 | Enable Code Scanning & Discover Vulnerabilities | 45 min | |
| S-02 | Fix Vulnerabilities with Copilot + Autofix | 60 min | |
| S-03 | Dependabot & Supply Chain Security | 45 min | |
| S-04 | Secret Scanning & Push Protection | 45 min | |
| S-05 | Security Campaigns (Advanced) | 45 min | |
| Frontend | F-00 | Project Setup & UI Analysis | 30 min |
| F-01 | Design System & Component Planning | 45 min | |
| F-02 | Build Modern UI Components | 60 min | |
| F-03 | Integration & Polish | 45 min | |
| Backend | B-00 | API Discovery & Documentation | 30 min |
| B-01 | Feature Design | 45 min | |
| B-02 | Implementation with Copilot | 60 min | |
| B-03 | Testing & Documentation | 45 min |
Copilot Customization
Security Track
Prerequisites & Security Setup
Fork the repo, spin up a dev environment, and enable GitHub Advanced Security.
Enable Code Scanning & Discover Vulnerabilities
Enable CodeQL, trigger your first scan, and review the security alerts.
Fix Vulnerabilities with Copilot + Autofix
Pick at least 3 vulnerabilities and fix them using Copilot and Autofix.
Dependabot & Supply Chain Security
Enable Dependabot, review dependency vulnerabilities, and merge security PRs.
Secret Scanning & Push Protection
Detect committed secrets, test push protection, and implement proper secrets management.
Security Campaigns (Advanced)
Organize alerts into coordinated remediation campaigns at the organization level.
Frontend Track
Project Setup & UI Analysis
Run the app, explore the Angular frontend, and document current design issues.
Design System & Component Planning
Define a modern design system and plan which components to redesign.
Build Modern UI Components
Redesign at least 3 components with responsive, accessible, polished styling.
Integration & Polish
Integrate components into the app and ensure visual consistency across pages.
Backend Track
API Discovery & Documentation
Explore the Express.js backend: routes, models, middleware, and auth flow.
Feature Design
Design 2 new backend features with complete API contracts.
Implementation with Copilot
Build your features with Copilot, adding validation, error handling, and security.
Testing & Documentation
Write tests for all new endpoints and update the API documentation.
Recommended Order
Start with C-00 (Copilot Customization). Setting up your repository instructions, agents, and prompt files first means Copilot will be genuinely smarter for every challenge that follows — better suggestions, better explanations, fewer generic responses.
Once your Copilot is tuned, move to S-00 and work through the Security track (S-00 through S-05). You need those GHAS features enabled before anything else makes sense, and the vulnerabilities you find will give you real context for the rest of the day.
Once security is rolling, split into Frontend and Backend — these two tracks run in parallel. Pick the one that matches your strengths, or tackle both if you're feeling ambitious.
Ground Rules
- GitHub Copilot is your pair programmer. Use it everywhere — in your editor, in the terminal, in chat. The more you use it, the more you'll get out of this.
- GitHub Advanced Security features live on github.com. Configure and review them in your repository's Settings and Security tabs.
- Each challenge has clear success criteria. Check them off as you go.