Browse All News (707)
Allison outlines what changed in CodeQL 2.25.2 for GitHub code scanning, including Kotlin 2.3.20 support, multiple query accuracy tweaks (notably for C#), and updated security-severity scores for issues like XSS and log injection across several languages.
Allison explains a new GitHub Copilot Cloud Agent (CCA) admin capability: enterprise admins can now enable the agent for selected organizations (including via organization custom properties), and manage the policy through the AI Controls page or new REST API endpoints.
Yun Jung Choi explains that Azure MCP tools are now built into Visual Studio 2022 via the Azure development workload, letting developers enable an Azure MCP Server inside GitHub Copilot Chat to provision resources, deploy apps, and troubleshoot Azure services without installing a separate extension.
Cassidy Williams interviews GitHub Staff Software Engineer Brittany Ellich about building a personal “command center” app, focusing on how GitHub Copilot CLI and agent-based workflows supported the process from planning through implementation.
Phillip Misner and Stephen Finnigan explain how incident response changes for AI systems: non-determinism and high-volume output shift triage, containment, telemetry needs, and remediation verification, while many IR fundamentals (ownership, escalation, and communication) still apply.
Harshada Hole introduces Visual Studio’s Debugger Agent guided workflow, which uses a live debugging session to help you reproduce bugs, validate hypotheses via breakpoints and call stacks, and iterate to a verified fix with less manual setup.
Fernando Vasconcellos outlines evergreen cloud cost optimization principles and explains how AI workloads change cost patterns, with practical guidance on visibility, governance, rightsizing, and continuous review—framed around managing and optimizing spend on Azure over time.
Laura Jiang announces two Azure DevOps Advanced Security updates: CodeQL default setup to enable org-wide code scanning without per-repo pipeline configuration, and a combined alerts experience (with security campaigns) to triage and coordinate remediation across all repositories.
Reenu Saluja breaks down the main Azure hosting options for production AI agents and explains when to use each, with a deeper walkthrough of Microsoft Foundry Hosted Agents (deployment, lifecycle management, observability, scaling, and invocation patterns).
David Sanchez lays out a practical DevOps playbook for teams adopting AI coding agents (including GitHub Copilot Cloud Agent), focusing on readiness prerequisites, human–agent collaboration patterns, pipeline changes, governance, and security controls needed to keep quality and accountability intact as non-human contributors scale up.
Allison announces that Dependabot and code scanning can now use OpenID Connect (OIDC) for organization-level access to private registries, reducing reliance on long-lived secrets and enabling short-lived, dynamically issued credentials.
Allison announces new GitHub features that surface deployment and runtime context in repository properties and security alert pages, helping teams automate policy enforcement and prioritize Dependabot and code scanning alerts based on real production risk.
Rahul Bhandari (MSFT) and Tara Overfield summarize the April 2026 .NET and .NET Framework servicing releases, including the updated versions, links to release notes and installers, and the list of security CVEs addressed across supported .NET and .NET Framework versions.
.NET Team announces .NET 11 Preview 3, summarizing what’s new across the runtime, SDK, libraries, C#, ASP.NET Core, .NET MAUI, Entity Framework Core, and official container images, with links to detailed release notes and downloads.
Kristen Womack explains how `azd update` simplifies keeping the Azure Developer CLI current across Windows, macOS, and Linux, including how to switch between stable and daily release channels.
Gloridel Morales announces April patches for Azure DevOps Server, summarizing key fixes (pull request completion reliability, safer sign-out redirect validation, and GitHub Enterprise Server PAT connection) and showing how to verify the patch is installed.
Allison announces a public preview feature that lets teams link GitHub code scanning alerts to GitHub Issues, making it easier to track and prioritize security remediation work in existing planning workflows.
Joseph Katsioloudes introduces Season 4 of GitHub’s Secure Code Game, a hands-on set of challenges where you exploit and fix vulnerabilities in an agentic AI assistant (ProdBot) to learn real-world AI-agent security risks like prompt-based tool misuse, memory poisoning, and sandbox escape.
Allison announces an update that lets GitHub organizations configure multiple private registries per package ecosystem for Dependabot and code scanning, including org-level OIDC authentication support via the UI and REST API.
stclarke shares a Microsoft AI announcement introducing MAI-Image-2-Efficient, a production-oriented text-to-image model available in Microsoft Foundry and MAI Playground, positioned as faster and cheaper than MAI-Image-2 while maintaining “flagship” quality.