HomeGH-300 Study GuideM05 — Developer Productivity

Module 5 — Developer Productivity

Exam weight: 10–15% Study time: 45–60 minutes Lessons: Generation, refactoring & docs · Testing & security

Exam tactic. This module pulls everything earlier together as practical use cases. The exam asks "where does Copilot fit best?" — recognize the use case.

L01 — Code generation, refactoring, and documentation

Where Copilot is strongest in code generation

Practical generation tips

Comment-driven generation:

// Create a REST endpoint that fetches a user by id.
// Returns 404 if not found.
// Uses UserService and returns UserResponseDTO.
@GetMapping("/{id}")

Copilot completes the method from the comment.

File context. If the open file already has other methods, Copilot learns the project's style and follows it.

Refactoring

Useful slash commands (vary by IDE):

CommandPurposeWhere
/explainUnderstand what the code doesVS Code
/optimizeImprove performanceVisual Studio
/simplifySimplify complex codeXcode
/fixFix a known issueVS Code

Common refactoring requests:

Legacy modernization

Copilot is especially useful for modernizing old code: Java 8 → 21 (streams, records, sealed classes), callback-hell → async/await, deprecated API replacement, adding annotations to undocumented code. Watch out: Copilot does not know the latest API (training cutoff). Verify modernization suggestions against current docs.

Documentation

Use Copilot for Javadoc/docstrings, README files, code explanations, and OpenAPI/Swagger generation from existing endpoints.

/**
 * Returns all active users older than the given age.
 *
 * @param age minimum age in years (inclusive)
 * @return list of active users meeting the age criterion
 * @throws IllegalArgumentException if age is negative
 */

Where Copilot saves the most time

Use caseTime savedWatch out for
Repetitive structures (CRUD, DTO)HighVerify the logic
BoilerplateHighAccept quickly
DocumentationHighCheck accuracy
New library adoptionModerateCheck training cutoff
Complex business logicLowNeeds heavy context
Security-critical codeCautiousAlways validate carefully

L02 — Testing and security

Generating tests

Unit tests:

/tests Generate JUnit 5 unit tests for UserService.createUser().
Cover: successful creation, duplicate email (UserAlreadyExistsException),
empty name (ValidationException), null parameter.

Integration tests:

Generate a Spring Boot integration test for UserController.getUser().
Use @SpringBootTest and MockMvc.
Cover 200 OK, 404 Not Found, and 400 Bad Request.

Coverage and test data: ask Copilot to find untested code paths and generate realistic test data including edge cases.

Edge case detection

Copilot is good at this because it has seen many examples of typical bugs.

Identify all edge cases in this method:
- empty input?
- negative values?
- maximum values?
- which exceptions can be thrown?

Security improvements

Vulnerability detection:

Review this code for OWASP Top 10 vulnerabilities.
Focus on SQL injection, XSS, and authentication issues.

Hardening generation:

Add to this REST endpoint:
- input validation
- rate limiting note
- authentication check
- audit logging for sensitive operations

Built-in security warnings: Copilot can warn about hard-coded secrets, SQL injection patterns, unsafe deserialization, and missing input validation.

Important. Copilot's security warnings are not exhaustive. They are an additional tool, not a replacement for proper security auditing or SAST tools.

Exam-ready checklist (M05)

Official source documents