Browse DevOps News (289)

Jason Helmick announces the GA release of Microsoft Desired State Configuration (DSC) v3.2.0, covering new built-in Windows resources, experimental Bicep orchestration over gRPC, expanded WhatIf support, version pinning, expression language updates, and adapter/extension improvements, plus install and support lifecycle details.

Mark Downie covers the April Visual Studio 2026 update, focusing on GitHub Copilot’s new cloud agent workflow, user-level custom agents, and a Debugger Agent that validates fixes against real runtime behavior, plus improvements to C++ agent tools, IntelliSense vs Copilot completion priority, and configurable Copilot shortcuts.

Kedasha Kerr explains how to use Markdown on GitHub to write clearer READMEs and to format issues, pull requests, and comments. The post walks through core Markdown syntax—headings, emphasis, blockquotes, lists, code, links, and images—plus how to try it directly in a repository.

Alexis Wales explains how GitHub validated, fixed, and investigated a critical remote code execution issue in the git push pipeline, including what caused the injection, how GitHub confirmed no exploitation on github.com, and what GitHub Enterprise Server admins should patch and review.

Vlad Fedorov shares what GitHub is changing after two recent availability incidents, including scaling work driven by rapid growth in pull requests and API usage, plus concrete reliability efforts like service isolation, caching improvements, and continued migration to Azure and a future multi-cloud posture.

Allison shares a GitHub Changelog update: Copilot cloud agent now starts over 20% faster by using optimized runner environments prebuilt with GitHub Actions custom images, reducing environment startup overhead when Copilot begins work from issues, PRs, or the Agents tab.

Allison announces a billing change for GitHub Copilot code review: starting June 1, 2026, reviews will consume both Copilot AI Credits and (for private repos) GitHub Actions minutes, with guidance on checking usage, budgets, and runner configuration.

Allison announces an upcoming change to GitHub App installation token format, including Actions-issued GITHUB_TOKEN. The update moves to a longer, stateless JWT-based token and calls out common breakpoints like hardcoded token-length checks, regex validation, and too-small database columns.

Allison announces two upcoming GitHub changes: web notification retention will drop from five months to three, and watches on repositories archived for over six months will be removed for non-collaborators.

Josef Sin explains what the Axios npm supply chain compromise means for Azure Pipelines users, who is and isn’t impacted, and what to do if your CI/CD runs may have installed the malicious versions—covering agent types, service connections, cache cleanup, and practical mitigation steps.

Allison announces improvements to GitHub Copilot Chat for pull requests, including richer PR context (comments, file changes, commits, reviews) plus new capabilities to review and summarize PRs directly from GitHub surfaces.

Allison announces that GitHub’s new global pull requests dashboard is now enabled by default as an opt-out public preview, and summarizes the latest improvements to the inbox and pull request list views for managing reviews and PR activity.

Allison announces an improvement to GitHub’s supply chain security tooling: Python dependency graphs can now be generated via a new Dependabot job that submits dependency snapshots to the Dependency Submission API, producing more complete transitive dependency trees and SBOMs across pip, uv, and Poetry projects.

Allison announces a GitHub organization-level setting that lets org owners disable commit comments across all repositories at once, instead of configuring each repo individually, with steps to find the setting in Organization Settings → Repository → General.

Richard Lander explains what Ubuntu 26.04 (Resolute Raccoon) means for .NET developers, including how to install .NET 10 from Ubuntu’s archive, use the new `resolute` Docker image tags, and install .NET 8/9 via the dotnet-backports PPA.

Kristen Womack announces multi-language hook support in the Azure Developer CLI (azd), so you can run lifecycle scripts in Python, JavaScript, TypeScript, or .NET (not just Bash/PowerShell). The post shows how to configure hooks in azure.yaml, how azd resolves dependencies per language, and how to override execution settings.

Azat Galiev explains a performance improvement to the Azure DevOps REST API that makes large-scale Git policy governance faster: using `refName=~all` with `GET /_apis/git/policy/configurations` to retrieve all policies affecting a repo (including branch policies) without expensive client-side filtering.

Takuto Higuchi and jeffhollan outline an end-to-end path for building production AI agents with Microsoft Agent Framework v1.0 and Azure AI Foundry: local dev in VS Code, multi-agent composition, managed memory, tool access, hosted runtime, and observability (tracing, evaluations, red teaming) through to publishing in Teams/Microsoft 365.

Ales Holecek explains how Microsoft is adapting security practices for AI-accelerated threats, including AI-led vulnerability discovery in SDL, faster Defender detections tied to updates, and exposure-reduction guidance via Microsoft Security Exposure Management (Secure Now), plus work with Anthropic models evaluated using CTI-REALM.

Panagiotis Liaros announces a public preview feature in Azure Test Plans that adds an “Actual Result” field for manual test steps, including step-level capture (text and attachments), test plan-level configuration, review in the Test Run Hub, and REST API access.