Automation Lab
Objective
Build a complete CI/CD security pipeline with automated gates.
Step 1: Configure Branch Protection
```bash
# GitHub CLI: require the "security-checks" status check before merging.
# The protection endpoint takes a JSON body; send it with --input (here from
# stdin), not --field, which would submit the object as a plain string.
gh api repos/:owner/:repo/branches/main/protection \
  --method PUT \
  --input - <<'EOF'
{"required_status_checks": {"strict": true, "contexts": ["security-checks"]},
 "enforce_admins": true,
 "required_pull_request_reviews": null, "restrictions": null}
EOF
```
Step 2: Add Security Workflow
Create .github/workflows/security.yml with SAST, SCA, secret scanning, and policy-as-code checks (use the template from the Security Pipelines page). The job that reports the gate result must be named security-checks, matching the context listed in the branch protection rule above; a required check that never reports under that exact name leaves every PR waiting for status and never actually evaluates the scanners.
Step 3: Test the Pipeline
```bash
# Create a branch with deliberate vulnerabilities
git checkout -b test-vulnerable-branch

# Add a file with a secret
echo "API_KEY=sk-live-abc123" >> .env

# Add a Terraform file with a security issue (SSH open to the world)
cat >> main.tf <<'EOF'
resource "aws_security_group" "open" {
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
EOF

git add . && git commit -m "test: add vulnerable file"
git push origin test-vulnerable-branch

# Create PR
gh pr create --title "Test security pipeline" --body "Testing automation"
```
Step 4: Verify the PR Is Blocked
Check that the PR shows the security checks as failed and that the merge button is disabled. If a scanner does not flag the test commit, confirm its rule set actually matches the pattern you planted (secret scanners often key on specific token formats) rather than assuming the gate works. Two failure modes look similar at a glance and are worth telling apart: a check that runs and fails but is not required leaves the PR mergeable (GitHub reports it as unstable, not blocked), while a required context whose name does not match any job never reports and blocks the PR forever, including the fixed PR in the last deliverable.
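A small verification script for this step, added here as an example and not part of the course material or any project's code. It reads the PR's merge state and check results from `gh pr view --json mergeStateStatus,statusCheckRollup` and classifies the outcome, so that a check that failed but is not enforced, or a required context that never reported, is flagged as a misconfiguration instead of being mistaken for a working gate. The required context name `security-checks`, the PR number argument and the sample payloads are assumptions and constructed data, not real output from a repository.

```python
"""Verify that the branch-protection gate really blocks a PR.

Added example for the lab, not the course's own code. The JSON shapes
follow `gh pr view --json mergeStateStatus,statusCheckRollup`; the sample
payloads below are constructed, not captured from a real PR.
"""
import json
import subprocess
import sys

REQUIRED_CONTEXT = "security-checks"   # must equal the protection rule's context
PASSING_OUTCOMES = {"SUCCESS", "NEUTRAL", "SKIPPED"}  # count as passed for a required check


def check_state(item):
    """Return (name, outcome) for one statusCheckRollup entry.

    GitHub reports Actions jobs as CheckRun (name/status/conclusion) and
    commit statuses as StatusContext (context/state).
    """
    if item.get("__typename") == "StatusContext":
        return item.get("context", ""), item.get("state", "")
    # CheckRun: conclusion is only meaningful once status is COMPLETED
    if item.get("status") != "COMPLETED":
        return item.get("name", ""), "PENDING"
    return item.get("name", ""), item.get("conclusion", "")


def gate_verdict(pr, required=REQUIRED_CONTEXT):
    """Classify a PR payload against the gate we expect to be enforced."""
    merge_state = pr.get("mergeStateStatus", "UNKNOWN")
    results = dict(check_state(i) for i in pr.get("statusCheckRollup", []))
    outcome = results.get(required)

    if outcome is None:
        # Nothing reported under the required name: the job name in
        # security.yml and the protection rule's context do not match.
        return "MISCONFIGURED: required check %r never reported" % required
    if outcome == "PENDING":
        return "PENDING"
    if outcome in PASSING_OUTCOMES:
        return "PASSING" if merge_state == "CLEAN" else "BLOCKED_BY_OTHER_RULE"
    # The security check failed; the only acceptable merge state is BLOCKED.
    if merge_state == "BLOCKED":
        return "BLOCKED"
    return "MISCONFIGURED: %r failed but PR is %s" % (required, merge_state)


def fetch_pr(number):
    """Pull the live PR state with the GitHub CLI (needs `gh auth login`)."""
    out = subprocess.run(
        ["gh", "pr", "view", str(number), "--json",
         "mergeStateStatus,statusCheckRollup"],
        check=True, capture_output=True, text=True).stdout
    return json.loads(out)


# Constructed sample payloads shaped like gh's JSON output (not real PR data).
SAMPLE_BLOCKED = {
    "mergeStateStatus": "BLOCKED",
    "statusCheckRollup": [
        {"__typename": "CheckRun", "name": "security-checks",
         "status": "COMPLETED", "conclusion": "FAILURE"},
    ],
}
SAMPLE_NOT_ENFORCED = {  # check fails, but branch protection does not require it
    "mergeStateStatus": "UNSTABLE",
    "statusCheckRollup": [
        {"__typename": "CheckRun", "name": "security-checks",
         "status": "COMPLETED", "conclusion": "FAILURE"},
    ],
}
SAMPLE_MISNAMED = {  # job was named "security" instead of "security-checks"
    "mergeStateStatus": "BLOCKED",
    "statusCheckRollup": [
        {"__typename": "CheckRun", "name": "security",
         "status": "COMPLETED", "conclusion": "FAILURE"},
    ],
}

if __name__ == "__main__":
    # usage: python verify_gate.py <pr-number>   (no argument: run the samples)
    if len(sys.argv) > 1:
        print(gate_verdict(fetch_pr(sys.argv[1])))
    else:
        for label, sample in [("blocked", SAMPLE_BLOCKED),
                              ("not-enforced", SAMPLE_NOT_ENFORCED),
                              ("misnamed", SAMPLE_MISNAMED)]:
            print(label, "->", gate_verdict(sample))
```

Run it against the test PR from Step 3 and it should report BLOCKED; after the vulnerabilities are fixed and the check turns green it should report PASSING. Anything beginning with MISCONFIGURED means the gate is not doing what the screenshots in the deliverables are meant to prove.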
Deliverables
- Screenshot of branch protection rules
- Screenshot of security workflow running
- Screenshot of PR blocked by security gate
- Screenshot of PR passing after fixing vulnerabilities