Blogs
Why Human Oversight Remains Essential in an AI-Driven DevOps Landscape
Alan Shimel discusses the critical need for human oversight in AI-driven DevOps environments, emphasizing collaboration models and the risks of unchecked automation.
DevOps Blog
2025-08-18
Sentry Integrates MCP Server Monitoring into APM Platform for AI Workflows
Mike Vizard outlines the technical and operational impact of Sentry’s new MCP server monitoring tool, emphasizing its importance for DevOps and AI engineering teams tasked with building, debugging, and securing...
DevOps Blog
2025-08-14
Most Organizations Face Breaches Caused by Vulnerable Code, Survey Finds
Mike Vizard analyzes survey findings about the widespread impact of vulnerable code on organizational security, including the challenge of AI-generated code, adoption of security tools, and the ongoing evolution of...
DevOps Blog
2025-08-14
API Gateway Pattern in Azure: Managing APIs and Routing Requests to Microservices
Dellenny provides a hands-on guide to implementing the API Gateway pattern on Azure using API Management, explaining how to route, secure, and monitor requests to microservices for robust and maintainable...
Dellenny's Blog
2025-08-14
Eclipse Foundation Publishes Toolkit to Simplify CRA Compliance
Mike Vizard examines how the Eclipse Foundation’s OCCTET project enables organizations to address EU Cyber Resilience Act compliance, highlighting input from Microsoft and GitHub.
DevOps Blog
2025-08-14
The Right Kind of AI for Infrastructure as Code
Ian Amit explores how AI can be effectively applied to Infrastructure as Code, highlighting crucial gaps in current cloud security tools and explaining what attributes make AI truly valuable for...
DevOps Blog
2025-08-13
SonarSource Highlights Security Risks and Code Quality Issues in LLM-Generated Code
Mike Vizard summarizes SonarSource’s analysis of LLM-generated code, revealing frequent security vulnerabilities and long-term code quality issues. The article urges DevOps teams to be vigilant when leveraging AI coding tools....
DevOps Blog
2025-08-13
SonarSource Research Highlights Security Risks in LLM-Generated Code
Mike Vizard summarizes SonarSource’s research into AI-generated code, highlighting both the strengths and serious security pitfalls of relying on LLMs such as GPT-4o, Claude Sonnet 4, and others.
DevOps Blog
2025-08-13
Practical Data Protection in Microsoft 365: Sensitivity Labels, DLP, and Conditional Access for Small Businesses
Dellenny breaks down how small businesses can protect data in Microsoft 365 using sensitivity labels, DLP, and conditional access, providing clear steps and real-life analogies.
Dellenny's Blog
2025-08-13
Secure Integration of Microsoft 365 with Slack, Trello, and Google Services
Dellenny explains how technical teams can securely integrate Microsoft 365 with SaaS tools like Slack, Trello, and Google Services, offering actionable advice to maintain security while enabling collaboration.
Dellenny's Blog
2025-08-13
Minimus Adds VEX Support and Microsoft SSO Integration to Hardened Images Service
Mike Vizard explains how Minimus’ updated service now helps DevSecOps teams with VEX support, secure Helm charts for Kubernetes, compliance dashboards, and Microsoft SSO integration, enhancing application security workflows.
DevOps Blog
2025-08-11
ArmorCode Expands Anya AI to Deliver Custom Code Fixes for Runtime Environments
Mike Vizard examines how ArmorCode’s Anya AI now generates automated, environment-specific code fixes and brings software supply chain insight to application security, as announced at Black Hat USA 2025.
DevOps Blog
2025-08-07
Black Duck Software Brings AI-Powered Security to IDEs
Mike Vizard reports on Black Duck Software’s new integration of their AI security assistant into IDE plugins, enabling real-time vulnerability detection and support for natural language security queries as developers...
DevOps Blog
2025-08-07
What Vibe Coding Means for the Enterprise: Fast Code, Real Considerations
Tom Howlett examines the enterprise-level implications of vibe coding and AI-assisted development, highlighting both the acceleration of innovation and the real risks in security and code maintainability.
DevOps Blog
2025-08-07
Cycode Adds AI Agent to Assess Exploitability of Application Vulnerabilities
Authored by Mike Vizard, this article explores Cycode’s new AI agent for its application security platform. The tool is designed to evaluate and prioritize vulnerabilities, helping DevSecOps teams respond more...
DevOps Blog
2025-08-05
Exploring Passkey Support in ASP.NET Core Identity with .NET 10 Preview 6
In this comprehensive post, Andrew Lock examines the new passkey support introduced in ASP.NET Core Identity and the Blazor Web App template as part of .NET 10 preview 6, explaining...
Andrew Lock's Blog
2025-08-05
Secret Store Pattern in Azure Using Secure Vaults for Credentials and Secrets
Dellenny details how to implement the Secret Store Pattern in Azure, guiding developers to use Azure Key Vault for managing credentials and secrets securely in cloud-native applications.
Dellenny's Blog
2025-08-04
Token-Based Authentication in Azure Using JWT for Stateless Security
Dellenny presents a comprehensive technical walkthrough on implementing stateless, token-based authentication in Azure using JWT, with practical scenarios for developers and architects.
Dellenny's Blog
2025-08-01
Federated Identity in Azure: Seamless Access with External Identity Providers
Dellenny explains how Federated Identity is implemented on Microsoft Azure, focusing on secure authentication with external identity providers and the architectural benefits for organizations adopting hybrid and multi-cloud solutions.
Dellenny's Blog
2025-07-31
Beyond the Firewall - Achieving True Observability in Hybrid Infrastructure
In this article, Gerardo Dada outlines why true observability is vital in today’s hybrid infrastructures. He examines tools and practices enabling DevOps teams to monitor complex environments.
DevOps Blog
2025-07-31
“Shove Left” – Dumping Downstream Tasks Onto Developers – A Recipe for Failure
Author Peter Pickerill warns against the ‘Shove Left’ anti-pattern in DevOps, illustrating how offloading tasks onto developers without real change can harm teams and outcomes.
DevOps Blog
2025-07-30
Emerging DevOps Trends: Security, Scalability and Sustainability
Harikrishna Kundariya explores key trends in the DevOps landscape, addressing how security, scalability, and sustainability are influencing modern development practices.
DevOps Blog
2025-07-30
A Practical Guide to Setting up Microsoft Azure Trusted Signing for Code Signing Certificates
In this extensive guide, Rick Strahl shares his experience with setting up Microsoft Azure Trusted Signing for code signing, discussing certificate requirements, Azure configuration, and practical challenges developers may face....
Rick Strahl's Blog
2025-07-21
Key Trends Driving Software Engineering in 2025
Dellenny outlines core trends for software engineers in 2025—from AI-powered development and DevSecOps to ethical and sustainable engineering—providing practitioners with the strategies and skills they should prioritize.
Dellenny's Blog
2025-07-20
Microsoft Adds Telemetry Collection to Its FIPS-Compliant Go Compiler Build
Tim Anderson explores Microsoft’s addition of telemetry to its Go compiler build for FIPS compliance, discussing its impact on Azure Linux, cryptographic strategy, and developer workflows.
DevClass
2025-07-08
Security Risks from Deleted GitHub Commits: Admin Access to Istio Exposed
Tim Anderson’s article explores how lingering commit history on GitHub enabled a researcher to find secrets—including admin tokens for Istio—highlighting security risks and mitigation strategies for developers.
DevClass
2025-07-03
How to Authenticate Connect-MgGraph Using OIDC in GitHub Actions
Jesse Houwing walks through authenticating maintenance PowerShell scripts to Microsoft Graph in GitHub Actions, using OpenID Connect and Azure CLI, for improved security and automation.
Jesse Houwing's Blog
2025-06-10
Intent vs. Mechanics: The Power of Abstraction in Aspire
In this article, David Fowler explores how Aspire simplifies application development by abstracting environment-specific details, allowing developers to focus on intent, especially when managing secrets via Azure Key Vault.
David Fowler's Blog
2025-05-11
Enhancing Windows Server Security with App Control and Azure Arc Integration
In this post, Thomas Maurer teams up with Carlos Mayol Berral to explore practical strategies for securing Windows Server environments using App Control and centralized management via Azure Arc.
Thomas Maurer's Blog
2025-04-22
NetEscapades.AspNetCore.SecurityHeaders 1.0.0 Released: Major Updates and New Security Features
Andrew Lock introduces NetEscapades.AspNetCore.SecurityHeaders 1.0.0, outlining extensive new features, updates, and best practices for integrating enhanced security headers in ASP.NET Core applications.
Andrew Lock's Blog
2025-04-15
Creating SBOM Attestations for NuGet Packages Using GitHub Actions
In this blog post, Andrew Lock demonstrates how to create SBOM attestations for your .NET applications or NuGet packages using GitHub Actions, enhancing supply chain security.
Andrew Lock's Blog
2025-04-01
Repost: Protect the Repository Hosting Your GitHub Action
Authored by Jesse Houwing, this detailed post focuses on safeguarding GitHub Action repositories, outlining practical recommendations to counteract risks like those recently exposed in the changed-files hack.
Jesse Houwing's Blog
2025-03-25
Creating a Software Bill of Materials (SBOM) for an Open-Source NuGet Package
In this comprehensive guide, Andrew Lock demonstrates how to generate SBOMs for .NET NuGet packages using tools like GitHub’s SBOM export, Microsoft’s sbom-tool, anchore/sbom-action, and CycloneDX, highlighting practical considerations for...
Andrew Lock's Blog
2025-03-25
Creating Provenance Attestations for NuGet Packages in GitHub Actions
Andrew Lock examines how developers can create provenance attestations for NuGet packages using GitHub Actions. He details the underlying mechanics, security implications, verification methods, and practical challenges, including how to...
Andrew Lock's Blog
2025-03-18
Windows Server 2025 Security Baseline and App Control: Enhancing Windows Server Security
In this article, Thomas Maurer interviews Carlos Mayol Berral of Microsoft to showcase Windows Server 2025 Security Baseline and App Control, offering insights and demos for IT administrators and security...
Thomas Maurer's Blog
2025-03-17
Really Keeping Your GitHub Actions Usage Secure
In this post, Rob Bos details a recent security incident involving a compromised GitHub Action and offers guidance on securing your CI/CD pipelines with robust processes and tooling.
Rob Bos' Blog
2025-03-16
Say Goodbye to Personal Access Tokens (PATs) in Azure DevOps: Practical Migration Strategies
In this post, Michael Thomsen discusses how his team eliminated all Azure DevOps Personal Access Tokens (PATs). He details practical migration steps, leveraging service principals and workload identity federation, making...
Jesse Houwing's Blog
2025-03-04
Implement Role-Based Authorization With Keycloak, Web API, and Blazor WebAssembly
Marinko Spasojević guides readers through implementing role-based authorization using Keycloak with Blazor WebAssembly and Web API, exploring role assignment, claims mapping, and securing both UI and API endpoints in modern...
Code Maze Blog
2025-02-21
Keycloak Authentication with ASP.NET Core Web API and Blazor WebAssembly
In this article, Marinko Spasojević details how to integrate Keycloak authentication with both a Blazor WebAssembly client application and an ASP.NET Core Web API backend, providing step-by-step guidance and sample...
Code Maze Blog
2025-02-17
Comparison of Rebus, NServiceBus, and MassTransit in .NET
Authored by Michal Kaminski, this comprehensive comparison explores Rebus, NServiceBus, and MassTransit, guiding .NET developers through their features, implementation, and use cases.
Code Maze Blog
2024-12-16
DevCon Romania 2024: Protecting Against Supply Chain Attacks in DevOps Pipelines
Rob Bos, presenting at DevCon Romania 2024, offers a comprehensive overview on protecting software supply chains from attacks, focusing on best practices in DevOps and pipeline security.
Rob Bos' Blog
2024-11-07
AI Security Posture Management (AI-SPM): What Is It and When Should You Use It?
In this post, Kim Grönberg discusses the fundamentals of AI Security Posture Management (AI-SPM), how it compares with traditional CSPM solutions, its use cases, and why organizations should consider adopting...
Zure Data & AI Blog
2024-11-05
Scan Your GitHub Workflow Artifacts for Leaked Secrets with PowerShell and TruffleHog
In this post, Jesse Houwing provides a practical PowerShell script for scanning GitHub workflow artifacts for leaked secrets. Learn how the script leverages TruffleHog and covers setup, execution, and best...
Jesse Houwing's Blog
2024-08-19
GitHub Advanced Security for Azure DevOps
In this article, Rob Bos explores the public preview of GitHub Advanced Security (GHAS) features recently introduced to Azure DevOps, as announced at Microsoft Build 2023, and shares firsthand experiences...
Rob Bos' Blog
2023-05-23