Contributing
Thank you for your interest in improving this workshop!
Quick Links
- Workshop: azure-samples.github.io/sherpa
- Security Guide: microsoft.github.io/mcp-azure-security-guide
Repository Structure
sherpa/
├── camps/                  # Workshop modules
│   ├── base-camp/          # Local-only, MCP fundamentals
│   ├── camp1-identity/     # Azure: OAuth, Managed Identity
│   ├── camp2-gateway/      # Azure: APIM, Content Safety
│   ├── camp3-io-security/  # Azure: Input validation, PII
│   └── camp4-monitoring/   # Azure: Logging, alerts
├── docs/                   # MkDocs documentation
│   └── camps/              # Workshop guides
└── mkdocs.yml
Workshop Pattern
All camps follow exploit → fix → validate:
- Start with a vulnerable or incomplete configuration
- Demonstrate the security risk
- Apply the fix
- Validate the fix works
Camp Types
| Type | Example | Deployment | Key Files |
|---|---|---|---|
| Local | Base Camp | uv run python -m src.server | vulnerable-server/, secure-server/ |
| Azure | Camps 1-4 | azd up | azure.yaml, infra/, scripts/ |
Running Docs Locally
Code Guidelines
- Python: 3.11+, type hints, uv for dependencies
- Bicep: Consistent naming, security comments
- Scripts: Bash, set -e, clear progress output
Testing Changes
- Run through the workshop guide yourself
- Verify exploit scripts demonstrate the vulnerability
- Verify fix scripts resolve the issue
- Check documentation renders correctly
Submitting Changes
- Fork and create a branch
- Make changes and test thoroughly
- Submit a Pull Request with a clear description
Questions?
Open an issue.
Thank you for helping others reach the summit safely!