Post · bonfire.cafe

Wrote a blog post about using instruction.md files to guide GitHub #Copilot to avoid risky code dependencies. The approach fills some of the gaps of traditional SAST tool compliance approaches - repos can pick their own risk thresholds instead of being limited to company-wide minimum thresholds & community health risks are flagged before any written…but won’t replace them as hard to enforce as gate.

https://justingosses.com/blog/instruction-files-to-help-copilot-use-less-risky-dependencies

JustinG

@JustinG@fosstodon.org replied · 2 weeks ago

Forgot some words in last part as was trying to fit it all in, should say “community health risks are flagged before any CODE IS written…but THIS APPROACH won’t replace SAST TOOLS as hard USE TO COPILOT chat as a gate.”

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.1-alpha.8 no JS en

Automatic federation enabled