Adds Security Champion chat / agent mode to provide comprehensive security guidance by integrating Microsoft's Security Development Lifecycle (SDL) practices alongside existing OWASP frameworks. #408
Conversation
…M applications - include OWASP Top 10 for LLM Applications (2025) security practices - outline responsibilities and areas to inspect during development stages - emphasize security champion mindset and ongoing threat awareness 🔒 - Generated by Copilot
Codecov Report: ✅ All modified and coverable lines are covered by tests.

Additional details and impacted files:

```
@@ Coverage Diff @@
## main #408 +/- ##
==========================================
- Coverage 60.96% 60.93% -0.04%
==========================================
Files 19 19
Lines 3233 3233
==========================================
- Hits 1971 1970 -1
- Misses 1262 1263 +1
```

Flags with carried forward coverage won't be shown.
…nd tools list 🔒 - Generated by Copilot
Pull request overview
This PR adds a Security Champion agent and comprehensive OWASP security instruction files to integrate Microsoft's Security Development Lifecycle (SDL) practices alongside existing OWASP frameworks. The PR introduces security guidance across the development lifecycle, from design through runtime, with detailed coding standards for both traditional web applications and LLM-specific security concerns.
Changes:
- Adds Security Champion conversational agent for security-focused code review and advisory
- Introduces comprehensive OWASP Top 10 secure coding instructions for web applications
- Adds OWASP Top 10 for LLM Applications (2025) secure coding instructions for AI/ML security
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 14 comments.
| File | Description |
|---|---|
| .github/agents/security-champion.agent.md | New conversational agent that serves as a security advisor, integrating Microsoft SDL practices with OWASP frameworks to guide security reviews across all development stages |
| .github/instructions/owasp-for-web-applications.instructions.md | New instruction file providing comprehensive secure coding guidelines based on OWASP Top 10, covering vulnerabilities from access control to SSRF |
| .github/instructions/owasp-for-llms.instructions.md | New instruction file providing LLM-specific security guidelines based on OWASP Top 10 for LLM Applications (2025), covering prompt injection, data leakage, and other AI-specific risks |
| --- | ||
|
|
||
| description: "Comprehensive secure coding instructions for all languages and frameworks, based on OWASP Top 10 and industry best practices. Give clear and consise feedback and points of improvement." | ||
|
|
Copilot (AI) commented on Feb 4, 2026:
Frontmatter formatting issue: there is an empty line after the opening frontmatter delimiter and empty lines between properties. YAML frontmatter should not have blank lines. Properties should be consecutive without empty lines between them.
|
|
||
| Integrate these 10 SDL practices into security reviews: | ||
|
|
||
| 1. Establish security standards, metrics, and governance |
Copilot (AI) commented on Feb 4, 2026:
Inconsistent bullet point punctuation. According to markdown guidelines (CodingGuidelineID: 1000002), fragment bullet points should not end with periods. The bullet "Establish security standards, metrics, and governance" is a fragment and should not have a period, but the subsequent bullets in lines 24-32 also lack periods. For consistency, either all fragments should have no periods (preferred) or all should have periods. Since these are all short fragments, remove the period from line 23 to match the rest.
| --- | ||
| description: "🔐 Security Champion" | ||
| tools: ['execute/getTerminalOutput', 'read', 'agent', 'todo'] | ||
| argument-hint: "Assist development teams in integrating security best practices throughout the software development lifecycle by acting as a Security Champion." |
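Review bot: `tools` grants `execute/getTerminalOutput` to an agent whose `argument-hint` describes an advisory role ("Assist development teams in integrating security best practices ... by acting as a Security Champion"). Either document in the agent file why reading terminal output is needed for that role, or drop the entry: whatever the terminal last printed, including any secret echoed during a session, becomes input the agent can reproduce in its replies, so the grant should be deliberate and, where possible, limited to the `read`, `agent` and `todo` tools already listed.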
Copilot (AI) commented on Feb 4, 2026:
Potentially invalid model specification. The value "Claude Sonnet 4.5" does not match known Anthropic model naming conventions. As of the knowledge cutoff (January 2025), Claude models are named like "Claude 3.5 Sonnet" or "Claude 3 Opus", not "Claude Sonnet 4.5". This should be verified and corrected to a valid model identifier that VS Code Copilot recognizes. If this is a placeholder for a future model, it should be documented or changed to an existing model.
|
|
||
| ## Instructions | ||
|
|
||
| Your primary directive is to ensure all code you generate, review, or refactor is secure by default. You must operate with a security-first mindset. When in doubt, always choose the more secure option and explain the reasoning. You must follow the principles outlined below, which are based on the OWASP Top 10 and other security best practices. |
Copilot (AI) commented on Feb 4, 2026:
Avoid command style with modal verbs. According to prompt writing style guidelines (CodingGuidelineID: 1000003), second-person commands with modal verbs like "must" should be avoided. Prefer guidance style instead. For example, change "You must operate with a security-first mindset" to "Operate with a security-first mindset" and "You must follow the principles" to "Follow the principles outlined below".
|
|
||
| ## Instructions | ||
|
|
||
| Your primary directive when working with Large Language Model (LLM) applications is to ensure all code you generate, review, or refactor is secure by default with specific attention to LLM-unique vulnerabilities. You must operate with a security-first mindset that recognizes LLMs introduce an entirely new class of risks beyond traditional application security. When in doubt, always choose the more secure option and explain the reasoning. Follow the principles outlined below, which are based on the OWASP Top 10 for LLM Applications (2025). |
Copilot (AI) commented on Feb 4, 2026:
Avoid command style with modal verbs. According to prompt writing style guidelines (CodingGuidelineID: 1000003), second-person commands with modal verbs like "must" should be avoided. Prefer guidance style instead. For example, change "You must operate with a security-first mindset" to "Operate with a security-first mindset".
| **Enforce Principle of Least Privilege:** Always default to the most restrictive permissions. Explicitly verify the caller's rights for each protected resource or action. | ||
|
|
||
| **Deny by Default:** All access control decisions must follow a "deny by default" pattern; only explicit, validated rules grant access. | ||
|
|
||
| **Context / Object-Level Authorization:** Apply object, record, function, and tenancy scoping checks server-side for every sensitive operation (never rely on hidden UI elements or client role hints). | ||
|
|
||
| **Prevent Path Traversal:** When handling file uploads or resolving user-supplied paths, canonicalize and ensure the resolved path stays within an allowed base directory; reject attempts like `../../etc/passwd`. |
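Review bot: the path-traversal bullet ends by telling readers to "reject attempts like `../../etc/passwd`", which reads as a check on the input string, while the effective control is the one named earlier in the same sentence: canonicalize the path (resolving symlinks) and then verify the resolved path lies under the allowed base directory. Suggest making that prefix check on the canonical path the stated rule and showing `../../etc/passwd` only as an input that check rejects, e.g. "Resolve the user-supplied path against the base directory, follow symlinks, and reject it unless the result is still inside the base directory; inputs such as `../../etc/passwd` fail this check." As written, a reader may implement a literal `../` filter, which the canonicalization advice in the same bullet exists to replace.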
Copilot (AI) commented on Feb 4, 2026:
Avoid bolded-prefix list items. According to prompt writing style guidelines (CodingGuidelineID: 1000003), list items with bolded titles followed by descriptions (like "Bolded Term: Description") provide limited value. Consider using plain lists, proper headings, or description lists instead. This pattern appears throughout the file and should be refactored to use subsections with proper headings.
| **Understand the Core Risk:** Prompt injection is the most critical LLM vulnerability—analogous to SQL injection but targeting the model's prompt context. User inputs can manipulate the LLM's behavior, override system instructions, extract sensitive information, or trigger unauthorized actions. | ||
|
|
||
| **Constrain Model Behavior:** Define strict boundaries for LLM responses using explicit system prompts that clearly delineate acceptable outputs. Never rely solely on system prompts for security—they can be bypassed. | ||
|
|
||
| **Implement Input Validation:** Apply rigorous validation to all user inputs before they reach the LLM. Use allowlists for expected input patterns, reject suspicious patterns (e.g., instructions like "ignore previous instructions"), and implement semantic analysis to detect manipulation attempts. | ||
|
|
||
| **Output Validation is Critical:** Validate all LLM outputs against expected formats using deterministic verification. Define strict output schemas and reject responses that deviate from them. | ||
|
|
||
| **Context Boundaries:** Separate system instructions from user content using clear delimiters. Never concatenate user input directly into prompts without sanitization. | ||
|
|
||
| ```python | ||
| # GOOD: Structured prompt with clear boundaries | ||
| system_prompt = "You are a customer service assistant. Only answer questions about product features." | ||
| user_input = sanitize_input(request.user_message) # Remove injection attempts | ||
| response = llm.generate(system=system_prompt, user=user_input) | ||
| validated_response = validate_output_schema(response) # Ensure format compliance | ||
| ``` | ||
|
|
||
| ```python | ||
| # BAD: Direct concatenation with no validation | ||
| prompt = f"Answer this: {request.user_message}" # Vulnerable to injection | ||
| response = llm.generate(prompt) # No output validation | ||
| ``` | ||
|
|
||
| **Defend Against Indirect Injection:** When processing external content (files, websites, documents), treat all content as potentially malicious. Sanitize or summarize external data before including it in prompts. | ||
|
|
||
| **Multimodal Risks:** If using vision or audio models, be aware that hidden instructions can be embedded in images or audio files. Implement content integrity checks. |
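Review bot: in the GOOD Python example, `sanitize_input` and `validate_output_schema` are never defined, so the only visible difference from the BAD example is two helper names with the comments "Remove injection attempts" and "Ensure format compliance"; a reader cannot tell what either helper enforces. Suggest showing the output check concretely (parse `response` into the declared output schema and reject on failure, which is what the "Output Validation is Critical" bullet asks for) or at least stating in a comment what each helper is expected to do. Related: the "Implement Input Validation" bullet recommends rejecting phrases such as "ignore previous instructions", while "Constrain Model Behavior" concedes that prompt-level controls "can be bypassed"; labelling the phrase blocklist as defense in depth rather than a primary control would make the two bullets consistent.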
Copilot (AI) commented on Feb 4, 2026:
Avoid bolded-prefix list items. According to prompt writing style guidelines (CodingGuidelineID: 1000003), list items with bolded titles followed by descriptions (like "Bolded Term: Description") provide limited value. Consider using plain lists, proper headings, or description lists instead. This pattern appears throughout the file and should be refactored to use subsections with proper headings.
| --- | ||
|
|
||
| description: "Comprehensive secure coding instructions for all languages and frameworks, based on OWASP Top 10 and industry best practices. Give clear and consise feedback and points of improvement." | ||
|
|
||
| applyTo: '**/*.py, **/*.tsx, **/*.ts, **/*.jsx, **/*.js' | ||
|
|
||
| --- |
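Review bot: `applyTo` limits these instructions to `**/*.py, **/*.tsx, **/*.ts, **/*.jsx, **/*.js`, but the `description` on the same frontmatter says they are "for all languages and frameworks". Either widen the glob or narrow the description so the frontmatter states what the file actually applies to; as written, code in any other language receives none of these instructions while the description claims otherwise.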
Copilot (AI) commented on Feb 4, 2026:
Missing required maturity field in frontmatter. According to the instruction-frontmatter.schema.json and coding guidelines (CodingGuidelineID: 1000003), all instruction files must include a maturity field with value: experimental, preview, stable, or deprecated. This field is required for artifact lifecycle tracking in the HVE-Core codebase.
| @@ -0,0 +1,138 @@ | |||
| --- | |||
|
|
|||
| description: "Comprehensive secure coding instructions for all languages and frameworks, based on OWASP Top 10 and industry best practices. Give clear and consise feedback and points of improvement." | |||
Copilot (AI) commented on Feb 4, 2026:
Spelling error in frontmatter description. The word "consise" should be "concise".
| description: "Comprehensive secure coding instructions for all languages and frameworks, based on OWASP Top 10 and industry best practices. Give clear and consise feedback and points of improvement." | |
| description: "Comprehensive secure coding instructions for all languages and frameworks, based on OWASP Top 10 and industry best practices. Give clear and concise feedback and points of improvement." |
| --- | ||
|
|
Copilot (AI) commented on Feb 4, 2026:
Frontmatter formatting issue: there is an empty line after the opening frontmatter delimiter. YAML frontmatter should not have blank lines between the opening --- and the first property. The frontmatter should start immediately after the opening delimiter.
- clarify the directive for secure coding practices - emphasize the importance of a security-first mindset - enhance instructions for code reviews and security education 🔒 - Generated by Copilot
Pull request template (checkbox states were not preserved in this rendering):

- AI artifacts under .github/instructions/*.instructions.md, .github/prompts/*.prompt.md and .github/agents/*.agent.md: built with the prompt-builder agent, with all feedback addressed.
- AI artifact contributions: reviewed with /prompt-analyze and a prompt-builder review.
- Required automated checks that must pass before merging: npm run lint:md, npm run spell-check, npm run lint:frontmatter, npm run lint:md-links, npm run lint:ps