Move the security to the left during development can have a lot of challenges, as well as some pitfalls. With the tools of GitHub Advanced Security like, Dependabot, Secret Scanning or CodeQL we can start, step by step, security practices to the very first step in our developments.