Automatically Signing Windows Executables with Azure Trusted Signing, dotnet sign, and GitHub ActionsScott Hanselman guides developers through the full process of signing Windows executables using Azure Trusted Signing, dotnet sign, and GitHub Actions. The tutorial blends practical, real-world experience with detailed step-by-step...
Scott Hanselman's Blog 2025-11-28
Managing Azure AD Identity Protection: Detecting and Mitigating Risky Sign-insJohn Edward explains how Azure AD Identity Protection helps organizations detect and remediate risky sign-ins, focusing on security strategies and actionable workflows.
Dellenny's Blog 2025-11-26
How to Implement Azure AD Conditional Access Policies Step-by-StepJohn Edward provides a practical walkthrough for implementing Azure AD Conditional Access policies, offering technical insights and best practices for securing Microsoft cloud identities.
Dellenny's Blog 2025-11-26
Microsoft Ignite 2025: The Dawn of the AI-Agent EraJohn Edward summarizes the technical innovations unveiled at Microsoft Ignite 2025, highlighting AI agents, enterprise governance, and robust security features that are redefining the Microsoft ecosystem.
Dellenny's Blog 2025-11-26
Understanding Azure AD Tenants, Users, Groups, and Roles: A Practical GuideJohn Edward presents a practical guide to Azure AD and Microsoft Entra ID, explaining tenants, user management, groups, and roles for identity and security in the cloud.
Dellenny's Blog 2025-11-26
Commvault SHIFT Virtual: AI and Cyber Resilience Insights for Microsoft Identity and CloudThomas Maurer explores best practices and platform updates from Commvault SHIFT 2025, emphasizing AI-powered resilience and security for Microsoft identity systems like AD and Entra ID.
Thomas Maurer's Blog 2025-11-24
Configuring Windows Firewall for Maximum SafetyJohn Edward explains how to maximize Windows Firewall’s protection through clear, practical steps, enabling users of all levels to better secure their Windows computers.
Dellenny's Blog 2025-11-23
Setting Up Ransomware Protection in Windows 11: Step-by-Step GuideJohn Edward presents a practical walkthrough for enabling ransomware protection on Windows 11, highlighting essential security settings and backup strategies to safeguard your files.
Dellenny's Blog 2025-11-23
Guide to Using Microsoft Defender Effectively in Windows SecurityJohn Edward provides a user-friendly guide detailing how to leverage Windows Security and Microsoft Defender Antivirus to keep your PC safe from malware and ransomware.
Dellenny's Blog 2025-11-22
Windows 11 Security Features: Protecting Your PC and DataJohn Edward investigates Windows 11’s robust security features, highlighting hardware requirements, identity protection, and real-time defense tools for safeguarding users’ PCs and personal data.
Dellenny's Blog 2025-11-22
Your Guide to Debugging and Reviewing Copilot-Generated CodeJohn Edward offers an in-depth guide to debugging and reviewing code produced by GitHub Copilot, providing practical strategies for ensuring code quality and security in AI-augmented development.
Dellenny's Blog 2025-11-21
The Evolving Blueprint: What’s Next for the Software Architect Role?John Edward examines how the software architect role is evolving, focusing on technical leadership, cloud-native patterns, AI integration, DevOps, and security-driven design.
Dellenny's Blog 2025-11-20
Setting Up Security Alerts for Unusual GitHub Copilot ActivityJohn Edward presents a practical guide for enabling security alerts on unusual GitHub Copilot activity, detailing the risks, monitoring strategies, and key technical steps to help organizations secure their AI-powered...
Dellenny's Blog 2025-11-18
Deterministic Guardrails for AI-Generated Code: Why Observability and Smarter Linters MatterYechezkel Rabinovich explores the shifting landscape of AI-generated code and DevOps, emphasizing the importance of deterministic verification and observability to maintain reliability and security.
DevOps Blog 2025-11-18
Observability and Security: Evolving DevOps Across Cloud-Native EnvironmentsJoe Selvam demonstrates how unified observability and cloud security practices can drive resilience and trust for DevOps teams operating in multi-cloud environments.
DevOps Blog 2025-11-18
MLSecOps and Prompt Security: DevOps Strategies for AI Pipeline ProtectionAlex Vakulov provides an in-depth look at the challenges and solutions for prompt security within AI-enabled DevOps workflows, highlighting the emergence of PromptOps and MLSecOps practices.
DevOps Blog 2025-11-18
Managing .NET Support Lifecycles: Why Paying for Post-EOL Support Is PracticalAndrew Lock reviews the .NET support lifecycle and demonstrates how organizations can avoid risks from unsupported versions by leveraging HeroDevs’ Never Ending Support for .NET 6.
Andrew Lock's Blog 2025-11-18
DevOps for GenAI Toronto Hackathon: Lifecycle Automation, MLOps, and Enterprise AI SecurityGarima Bajpai charts the strategic evolution of the DevOps for GenAI Toronto Hackathon, spotlighting new automation, monitoring, MLOps, and enterprise AI security tracks tailored for hands-on developers, engineers, and data...
DevOps Blog 2025-11-17
Setting Up Security Policies in Microsoft 365 Trial TenantsDellenny guides readers through setting up baseline security protections for Microsoft 365 trial tenants, highlighting practical steps to reduce vulnerabilities and secure cloud services.
Dellenny's Blog 2025-11-17
How Hyperconnected AI Development Creates a Multi-System Secret SprawlGuillaume Valadon examines how hyperconnected AI development workflows lead to an explosion in secret sprawl, leaking real credentials into public code repositories. The article diagnoses the causes and provides actionable...
DevOps Blog 2025-11-14
Scaling GitOps for Continuous Delivery in Hybrid and Multi-Cloud EnvironmentsAnkur Mahida delivers an in-depth analysis of GitOps adoption in hybrid cloud environments, highlighting architectural, governance, and security strategies for scaling continuous delivery with Azure, Kubernetes, and modern DevOps tooling....
DevOps Blog 2025-11-14
Introducing the Digital Sovereignty Specialization for the Microsoft AI Cloud Partner ProgramThomas Maurer discusses Microsoft’s new Digital Sovereignty Specialization for the AI Cloud Partner Program, an initiative to help partners and customers navigate sovereign, secure, and compliant deployments on Azure and...
Thomas Maurer's Blog 2025-11-13
JFrog Adds AI-Generated Code Detection to Secure Software Supply ChainsMike Vizard examines how JFrog’s new AI code detection and governance features empower DevSecOps teams to enhance software supply chain security and manage risks from AI-generated code.
DevOps Blog 2025-11-13
Survey Reveals Challenges in DevOps Platform Migrations and AI Tool IntegrationMike Vizard discusses a survey of enterprise technology leaders, exploring the real-world difficulties of DevOps platform migrations, the risks of AI integration without review, and the impact on developer morale...
DevOps Blog 2025-11-13
Azure Governance Tools: Policies, Blueprints, and RBAC ExplainedDellenny presents a thorough guide covering Azure Policy, Blueprints, and RBAC—core tools for managing governance, security, and compliance in Microsoft Azure environments.
Dellenny's Blog 2025-11-12
Strengthen Server Resilience: Enabling WinRE for Windows Server with Azure ArcThomas Maurer details how to use Azure Arc and Azure Policy to audit and enable Windows Recovery Environment (WinRE) for Windows Server, empowering IT teams to improve hybrid cloud resilience...
Thomas Maurer's Blog 2025-11-11
Vibe Coding Can Create Unseen VulnerabilitiesJeff Kuo explores how AI-powered vibe coding speeds up software creation, but warns that developer supervision is required to avoid security and quality issues in the final product.
DevOps Blog 2025-11-11
Sovereign and Adaptive Cloud: Microsoft Ignite 2025 HighlightsThomas Maurer provides a strategic summary of Sovereign Cloud and Adaptive Cloud themes at Microsoft Ignite 2025, with actionable insights for architects and decision-makers concerned with compliance, flexibility, and cloud...
Thomas Maurer's Blog 2025-11-10
How Microsoft Keeps Your Data Safe in the Cloud – A Deep Dive into Cloud Security PracticesDellenny offers an in-depth look at Microsoft’s cloud security architecture, covering topics like encryption, identity, compliance, and customer responsibilities to help secure data in the cloud.
Dellenny's Blog 2025-11-10
DevSecOps in Practice: Closing the Gap Between Development Speed and Security AssuranceUsman Peter explores practical DevSecOps strategies for integrating security and speed in modern software teams. Learn how to foster a security-focused culture, use automation, and balance risk management with rapid...
DevOps Blog 2025-11-07
5 Pillars of Successful Web App DevelopmentRoman Davydov discusses best practices for web app development, emphasizing key pillars such as security, performance, and user-centric design. The article delivers insights valuable to development and DevOps teams.
DevOps Blog 2025-11-06
Shared Responsibility Model in Azure Explained with Real ExamplesDellenny discusses the Shared Responsibility Model in Azure, illustrating how security roles are divided between Microsoft and the customer, with practical real-world examples and clear advice.
Dellenny's Blog 2025-11-05
Identity in Azure: Understanding Azure AD, Authentication, and AuthorizationDellenny offers IT professionals an in-depth look at managing digital identities and access in Azure, emphasizing concepts like authentication, authorization, and practical use of Azure Active Directory for secure application...
Dellenny's Blog 2025-11-05
How Microsoft Azure Ensures Data Privacy and Global ComplianceDellenny reviews how Microsoft Azure delivers enterprise-grade data privacy and global compliance, outlining core security practices, regional controls, and powerful governance tools for organizations with strict regulatory needs.
Dellenny's Blog 2025-11-05
Azure Security Basics: Network Security Groups, Firewalls, and Defender for CloudDellenny provides a practitioner-focused walkthrough on securing Azure networks using Network Security Groups, Azure Firewall, and Defender for Cloud, outlining practical strategies and best practices for cloud security.
Dellenny's Blog 2025-11-05
DevOps Workflow: The Key Elements and Tools InvolvedPeter Baker explores the key elements and practices of modern DevOps workflows, focusing on automation, collaboration, CI/CD, IaC, security integration, and tool selection for continuous software delivery.
DevOps Blog 2025-11-04
Your Next Secrets Leak is Hiding in AI Coding ToolsAsaolu Elijah examines the surge in secrets leakage fueled by AI coding tools within DevOps workflows, outlining the primary vulnerabilities and offering actionable guidance for platform and security teams.
DevOps Blog 2025-11-04
How Cybersecurity Teams Can Work Better with DevOpsSamuel Ogbonna details how cybersecurity and DevOps teams can enhance collaboration by embedding security throughout the DevOps pipeline, sharing actionable best practices and communication strategies.
DevOps Blog 2025-11-03
Why Developer Discipline Matters More Than Ever in the AI EraMike Vizard reports on Snyk CTO Danny Allan’s warning regarding software security challenges posed by AI-powered coding, explaining why developer discipline and security integration are critical.
DevOps Blog 2025-10-31
Aembit Launches IAM Solution for Agentic AI in Enterprise Environmentscybernewswire covers Aembit’s new IAM for Agentic AI, a solution giving enterprises fine-grained control and auditability over AI agent access to sensitive resources, featuring cryptographically verified identities and centralized policy...
DevOps Blog 2025-10-30
How to Integrate Quantum-Safe Security into Your DevOps WorkflowCarl Torrence offers a practical guide for DevOps professionals to integrate quantum-safe security into their workflows, outlining key steps to assess vulnerabilities, update encryption protocols, and automate secure practices in...
DevOps Blog 2025-10-30
Exploring Cloud Key Management OptionsAlexander Williams breaks down the core options for cloud key management—including Azure Key Vault—highlighting how different models impact security, compliance, and operational complexity for DevOps and security teams.
DevOps Blog 2025-10-30
Survey Reveals Security Risks in AI-Generated CodeMike Vizard presents insights from a survey of IT professionals, revealing the widespread security vulnerabilities found in AI-generated code, and discussing the implications for DevOps and security teams.
DevOps Blog 2025-10-29
AppOmni Open Sources Heisenberg Tool for Dependency Scanning in PRsMike Vizard discusses AppOmni’s Heisenberg, an open source tool that automatically scans pull requests for risky dependencies and generates real-time SBOMs, supporting better security practices for developers and DevSecOps teams....
DevOps Blog 2025-10-29
An Experience-Based Guide to Choosing the Right DevOps Provider in 2026Alex Vakulov guides readers through a practical, experience-based process for choosing a DevOps provider in 2026, addressing key technical and organizational requirements for successful collaboration.
DevOps Blog 2025-10-29
Top 10 Azure Services Everyone Should Know (2025 Edition)Dellenny provides a practical guide to the top 10 Azure services everyone in IT, development, or cloud architecture should know in 2025, outlining what they are, when to use them,...
Dellenny's Blog 2025-10-29
What Is Microsoft Azure? A Beginner’s Guide to the Azure EcosystemDellenny presents a comprehensive beginner’s overview of Microsoft Azure, covering its main services, advantages, and essential tools for IT professionals and developers entering the Azure ecosystem.
Dellenny's Blog 2025-10-29
Securing the AI Era: How Development, Security, and Compliance Must EvolveSumeet Singh explores how AI is reshaping software development, security, and compliance, detailing new models for continuous risk management and automation in the SDLC.
DevOps Blog 2025-10-28
Azure Local Overview: Hybrid Cloud, Edge, and Sovereign ScenariosThomas Maurer provides a practical, architect-focused walkthrough of Azure Local, covering hybrid cloud architecture, edge scenarios, digital sovereignty, security features, and workload management, with actionable demos and management techniques.
Thomas Maurer's Blog 2025-10-28
Understanding the Worst .NET Vulnerability Ever: Request Smuggling and CVE-2025-55315Andrew Lock provides an in-depth technical breakdown of the ASP.NET Core CVE-2025-55315 vulnerability, explaining request smuggling, exploitation avenues, and steps for developers to remain secure.
Andrew Lock's Blog 2025-10-28
Patch Management is Essential for Securing DevOpsAlexander Williams outlines why integrated patch management is fundamental to securing DevOps environments, focusing on automation, vulnerability scanning, and resilient rollout strategies.
DevOps Blog 2025-10-27
Azure Local 2510 Release: New Features for Edge, Security, and Hybrid CloudThomas Maurer details the Azure Local 2510 release, covering new security and deployment features for edge and hybrid cloud environments. The post is especially useful for architects and IT professionals...
Thomas Maurer's Blog 2025-10-27
Shared Responsibility Model in Cloud Computing SimplifiedDellenny offers a straightforward breakdown of the Shared Responsibility Model in Microsoft Azure, clarifying which security tasks belong to Microsoft and which to cloud customers.
Dellenny's Blog 2025-10-27
10 AI Coding Tool Behaviors That Ignore Software Engineering Best PracticesMike Vizard examines a report by Ox Security highlighting ten problematic behaviors exhibited by AI coding tools, focusing on their impact on software quality and DevOps security workflows.
DevOps Blog 2025-10-23
The Silent Technical Debt: Why Manual Remediation Is Costing You More Than You ThinkBob Shaker analyzes how manual remediation of software vulnerabilities creates substantial technical debt, drains developer time, and increases organizational risk. The article proposes intelligent remediation as a solution to these...
DevOps Blog 2025-10-23
Before You Deploy AI Agents in Observability: Nine Key Guardrails for SafetyPankaj Thakkar outlines nine essential guardrails for deploying AI agents in observability platforms, balancing automation benefits with safety, security, and human oversight.
DevOps Blog 2025-10-23
Why Nano Updates Only Work if You Begin with the Latest and Greatest SoftwareDustin Kirkland examines why nano updates are most effective when organizations start with the latest software versions, highlighting best practices for minimizing technical debt and bridging security with engineering through...
DevOps Blog 2025-10-23
Cycode Unveils AI Tool and Platform Detection for Application Security TeamsMike Vizard covers Cycode’s preview of capabilities to detect and inventory AI tools and platforms in codebases, helping DevSecOps teams enhance application security and governance.
DevOps Blog 2025-10-21
SonarSweep: Improving AI-Generated Code Quality and SecurityMike Vizard discusses how Sonar’s SonarSweep service helps AI development teams reduce bugs and vulnerabilities in AI-generated code, offering actionable insights for DevOps and security professionals.
DevOps Blog 2025-10-21
Infrastructure as Code, Security Blind Spots, and the Messy Reality of DevOpsMarcin Wyszynski draws on years of infrastructure and reliability engineering experience to dissect the messy reality of DevOps and security, highlighting the challenges with audits, automation, and the human element....
DevOps Blog 2025-10-17
Beyond the Platform: How Enterprises Can Unify Their DevOps Toolchains for Better Governance and AI ReadinessShawn Ahmed addresses enterprise DevOps toolchain sprawl and highlights how CloudBees Unify enables centralized governance, built-in security, and prepares organizations for AI-driven automation.
DevOps Blog 2025-10-16
VS Code Marketplace Secret Leaks Highlight Risks in Extensions and AI ConfigurationsJeff Burt provides an in-depth report on Wiz’s investigation into a major secrets leak in VS Code extension marketplaces, exposing critical risks for Microsoft developers and AI tool users.
DevOps Blog 2025-10-15
Survey Reveals Rapid AI Adoption to Strengthen DevSecOps PracticesMike Vizard summarizes a Fastly survey showing rapid AI adoption for DevSecOps, detailing the integration level, trust factors, and challenges as organizations automate application security.
DevOps Blog 2025-10-15
How Microsoft is Addressing Digital Sovereignty in SwitzerlandThomas Maurer details how Microsoft is helping Swiss organizations achieve digital sovereignty, highlighting cloud region options, compliance features, and secure multi-cloud management for technical stakeholders.
Thomas Maurer's Blog 2025-10-15
Establishing Visibility and Governance for Your Software Supply ChainParth Patel explores modern strategies to secure software supply chains through asset visibility, governance practices, and automation, highlighting best practices such as using SBOMs, enforcing policies, and leveraging runtime analysis....
DevOps Blog 2025-10-14
Why 'Shift Left' Alone Isn't Enough: Embedding Security Across Software DeliveryJulian Browne examines the limitations of ‘shift left’ as a security mantra, advocating instead for embedding security continuously across the software delivery lifecycle for real-world resilience.
DevOps Blog 2025-10-14
Efficient End-to-End Encryption for Git Services: Enhancing DevOps SecurityTom Smith delves into the latest research on securing Git repositories with efficient end-to-end encryption, outlining benefits and challenges for DevOps teams seeking stronger repository protection.
DevOps Blog 2025-10-13
Building an Azure Enterprise-Scale Landing Zone: Foundation for Cloud GovernanceDellenny explains how to establish a robust, future-ready Azure foundation with Enterprise-Scale Landing Zones, highlighting essential practices and tools for security, governance, and scalable cloud operations.
Dellenny's Blog 2025-10-12
How IDPs, AI, and Security Are Evolving DevOps CultureOlivier de Turckheim explores how internal developer platforms, AI, and security are transforming both culture and practical workflows in DevOps, covering the emergence of AIOps, DevSecOps, and the integration of...
DevOps Blog 2025-10-09
Common IaC Security Issues and How to Fix ThemDurojaye Olusegun explains the five most critical security risks in Infrastructure as Code (IaC), demonstrating practical fixes and preventative best practices to enhance DevOps security and compliance.
DevOps Blog 2025-10-08
Full-Stack Observability and AI: Mitigating IT Outage CostsJames Maguire summarizes a New Relic survey on the value of full-stack observability and AI-driven monitoring in cutting IT outage costs, with insights into productivity, incident detection, and enterprise tooling...
DevOps Blog 2025-10-07
How AI Enhances DevOps Pipelines for Smarter AutomationJoydip Kanjilal discusses how the integration of AI in DevOps pipelines enables smarter automation, intelligent CI/CD, predictive analytics, and enhanced security, helping teams deliver software faster and more securely.
DevOps Blog 2025-10-07
Implementing Zero Trust Architecture in an Azure EnvironmentDellenny offers a comprehensive walkthrough of Zero Trust implementation in Azure, illustrating practical use of Microsoft’s security tools and providing a step-by-step architecture roadmap for securing cloud environments.
Dellenny's Blog 2025-10-07
How Graph Intelligence Is Transforming Software Supply Chain VisibilityAlan Shimel interviews Stephen Chin on how graph intelligence is reshaping visibility and security within software supply chains, highlighting DevOps and AI advances discussed at swampUP 2025.
DevOps Blog 2025-10-06
What Microsoft Entra Really Means for Identity and SecurityDellenny delivers a comprehensive look at Microsoft Entra and its central role in modern identity and security management for cloud and hybrid environments.
Dellenny's Blog 2025-10-04
The Hybrid Cloud Playbook: Mastering Azure StackDellenny shares actionable strategies and best practices for mastering hybrid cloud environments with Azure Stack, highlighting governance, DevOps, security, and workload management.
Dellenny's Blog 2025-10-04
Build vs. Buy: What it Really Takes to Harden Your Software Supply ChainMatt Moore explores what it takes to secure your software supply chain, covering the difficult questions facing engineering teams around building or buying hardened images, maintenance, automation pitfalls, and supply...
DevOps Blog 2025-10-03
Shai-Hulud: Supply Chain Worm Sheds Light on DevOps Security RisksAlan Shimel analyzes the Shai-Hulud supply chain worm’s impact, guiding DevOps professionals on strengthening pipeline security, credential hygiene, and artifact provenance to combat the latest wave of automated supply chain...
DevOps Blog 2025-10-01
Secure NuGet Package Publishing from GitHub Actions with Trusted PublishingAndrew Lock explains how to safely automate NuGet package publishing directly from GitHub Actions using the Trusted Publishing feature on nuget.org, reducing credential risk and streamlining release workflows.
Andrew Lock's Blog 2025-09-30
Harness Acquires Qwiet AI to Strengthen AI-Driven Application Security in DevOpsMike Vizard details how Harness’s acquisition of Qwiet AI brings AI-powered code testing and native security automation to the DevOps platform, enhancing application security for development teams.
DevOps Blog 2025-09-29
Microsoft Entra Suite: The Future of Identity and Access SecurityDellenny provides an in-depth look at Microsoft Entra Suite, outlining its role in unifying identity and access security for enterprises navigating cloud-first and hybrid IT environments.
Dellenny's Blog 2025-09-27
How GitHub Plans to Secure npm After Recent Supply Chain AttacksTom Smith discusses how GitHub is overhauling npm security after the Shai-Hulud worm attack, describing new authentication requirements and trusted publishing to defend the software supply chain.
DevOps Blog 2025-09-26
HashiCorp Introduces Agentic AI and Enhanced Automation for IT InfrastructureMike Vizard covers HashiCorp’s updates at HashiConf 2025, highlighting new AI agent capabilities, cross-platform automation (including Microsoft integrations), and advanced security tools for streamlined IT infrastructure management.
DevOps Blog 2025-09-25
Chainguard Launches Curated JavaScript Libraries to Enhance Software Supply Chain SecurityMike Vizard examines how Chainguard’s new curated JavaScript libraries leverage the SLSA framework to help DevSecOps teams secure software supply chains against threats like NPM malware.
DevOps Blog 2025-09-25
The DevSecOps Career Path: What No One Tells You About Getting StartedPhilip Piletic guides DevOps professionals through the complex journey into DevSecOps, outlining the technical, soft skills, and mindset shifts critical to integrating security seamlessly into modern software delivery.
DevOps Blog 2025-09-22
AI-Driven Security and Automation in Modern DevOps: Insights from JFrog swampUP 2025Alan Shimel interviews JFrog CTO Yoav Landman at swampUP 2025, exploring how AI, automation, and governance features like AppTrust and Fly are transforming secure software delivery.
DevOps Blog 2025-09-19
Shai-Hulud Attacks Undermine Software Supply Chain SecurityAlan Shimel analyzes the Shai-Hulud NPM attacks and their impact on software supply chain security, offering practical advice for DevOps practitioners to enhance trust and resilience.
DevOps Blog 2025-09-18
Harness CEO Advocates AI-Driven Transformation of CI/CD WorkflowsMike Vizard summarizes Harness CEO Jyoti Bansal’s vision for reimagining CI/CD and DevSecOps workflows using AI. The article explores automation of build, security, and developer operations with emerging AI-driven tools....
DevOps Blog 2025-09-18
Top 7 Azure Services You Didn’t Know You NeededDellenny highlights seven under-the-radar Azure services that can transform your cloud strategy, from enhanced security with Sentinel to automation with Logic Apps.
Dellenny's Blog 2025-09-18
Protecting Identity in Active Directory & Microsoft EntraThomas Maurer, joined by Thomas Bryant, unpacks identity protection and recovery for Active Directory and Microsoft Entra. The episode delivers practical security strategies for practitioners safeguarding Microsoft identity platforms.
Thomas Maurer's Blog 2025-09-16
Outages and Security Threats in DevOps Tooling: Cracks in the FoundationAlan Shimel highlights the risks of outages and breaches in DevOps toolchains and urges platform engineers to design for resilience and strengthen security measures for sustained delivery performance.
DevOps Blog 2025-09-16
WhiteCobra Targets Developers with Malicious VSCode Marketplace ExtensionsJeff Burt’s article exposes how the WhiteCobra group exploits VSCode marketplace trust, detailing malware delivery tactics targeting developer environments. Essential background for development teams on supply chain security.
DevOps Blog 2025-09-15
WhiteCobra’s Malicious VSCode Extensions Pose Major Security Risk for DevelopersJeff Burt analyzes how the WhiteCobra group is targeting developers through malicious VSCode and Open VSX extensions, unveiling sophisticated techniques for cryptocurrency and credential theft.
DevOps Blog 2025-09-15
Security Flaw in Cursor AI Coding Tool Risks Exploiting DevelopersMike Vizard highlights a security vulnerability in the Cursor AI coding tool identified by Oasis Security, stressing the need for developer vigilance and effective DevSecOps controls when using AI-assisted code...
DevOps Blog 2025-09-12
What Makes Vulnerability Scanning Effective in Fast-Moving DevSecOps Pipelines Today?Emily Amanda gives a practical overview of what makes vulnerability scanning effective in today’s fast-paced DevSecOps pipelines, emphasizing the importance of real-time feedback and seamless security integration for developers.
DevOps Blog 2025-09-11
Hush Security Unveils Platform to Eliminate Application SecretsMike Vizard discusses how Hush Security’s new platform addresses application secrets management using runtime identity controls and SPIFFE integration, offering DevSecOps teams a modern way to reduce risks from secret...
DevOps Blog 2025-09-10
DevGovOps: Embedding Governance into DevOps for the Age of AIAlan Shimel examines the rise of DevGovOps, arguing that integrating governance into DevOps is vital for responsible and secure AI adoption in enterprises.
DevOps Blog 2025-09-10
JFrog CEO: AI Agents Require Practices Beyond Security, TraceabilityJon Swartz highlights key takeaways from JFrog’s swampUP 2025, discussing the adoption of AI agents, security and governance in the software supply chain, and partnerships with platforms like GitHub Copilot....
DevOps Blog 2025-09-09
JFrog Unveils DevOps Platform for the Agentic AI EraMike Vizard details JFrog’s launch of a new DevOps platform designed for the agentic AI era, outlining how the JFry platform supports AI agent integration and workflow governance for modern...
DevOps Blog 2025-09-09
JFrog SwampUP 2025 Highlights: AI-Driven DevOps, Governance, and Secure Software Supply ChainsAlan Shimel explores major developments from JFrog’s SwampUP 2025, examining how AI, DevOps automation, and enterprise governance are converging to transform software supply chains.
DevOps Blog 2025-09-09
How to Use Hyper-V with BitLocker Without Constant Recovery PromptsDellenny provides a practical guide on resolving repeated BitLocker recovery prompts when using Hyper-V on Windows, detailing secure setup and TPM configuration strategies.
Dellenny's Blog 2025-09-07
Mitigating GitHub Actions Supply Chain Attacks: Lessons from the nx Project HackJesse Houwing examines the nx supply chain attack in detail, explaining how GitHub Actions misconfigurations led to leaked secrets and how to secure CI/CD workflows with actionable security best practices....
Jesse Houwing's Blog 2025-09-02
How to Enable Ransomware Protection in Windows 11Dellenny provides a practical guide on enabling ransomware protection in Windows 11 using Microsoft Defender Antivirus, helping users secure their data from cyber threats.
Dellenny's Blog 2025-08-30
Malicious Nx Packages Used in Two Waves of Supply Chain AttackJeff Burt reports on a major supply chain attack against the Nx build system, highlighting credential theft, GitHub workflow abuse, and innovative use of AI CLI tools in a rapidly...
DevOps Blog 2025-08-29
Surge in DevOps Platform Incidents: 2025 Mid-Year Analysis of GitHub, Azure DevOps, and Jira DisruptionsAlan Shimel analyzes the 2025 surge in disruptions and security incidents across DevOps platforms such as GitHub and Azure DevOps, summarizing impacts on resilience, uptime, and developer productivity.
DevOps Blog 2025-08-29
AI Coding Assistants Bring Security and Licensing Challenges to Embedded SystemsMike Vizard examines the results of a Black Duck Software survey revealing the rapid integration of AI coding tools into embedded systems development. He discusses the resulting security, license compliance,...
DevOps Blog 2025-08-28
Coding at the Speed of AI: Innovation, Vulnerability, and the GenAI ParadoxJohn Trest discusses how GenAI tools like GitHub Copilot are accelerating coding productivity while raising new security challenges, and provides recommendations for safe integration of AI into software development.
DevOps Blog 2025-08-28
Qwiet AI Expands Microsoft DevOps and GitHub Integration for Code Vulnerability RemediationMike Vizard discusses Qwiet AI’s expanded support for Microsoft DevOps tools, focusing on AI-powered detection and automated remediation of security vulnerabilities in code.
DevOps Blog 2025-08-27
Staying on Top of Shadow AIAlexander Williams examines the increasingly common issue of shadow AI, offering DevOps and security professionals actionable strategies for managing unsanctioned AI use in organizations.
DevOps Blog 2025-08-27
Service Mesh Architecture Pattern in Azure: Managing Microservices Communication, Security, and ObservabilityDellenny discusses how Service Mesh architectures on Azure, using options like Istio and Open Service Mesh, streamline microservices communication, enhance security, and expand observability for cloud-native applications.
Dellenny's Blog 2025-08-27
The EU’s Cyber Resilience Act: Redefining Secure Software DevelopmentThabang Mashologu discusses the transformative impact of the EU’s Cyber Resilience Act on software development practices, outlining core security and compliance requirements for DevOps and security teams.
DevOps Blog 2025-08-26
Digging Into Security With Kat CosgroveArrested DevOps hosts Kat Cosgrove and Matt Stratton examine the persistent challenges of security in DevOps, blending candid advice and humor on topics from container vulnerabilities to effective patching.
Arrested DevOps 2025-08-25
John Willis: The True North of DevOps and DevSecOpsAlan Shimel highlights the impact of John Willis on the DevOps and DevSecOps communities, focusing on foundational frameworks and the cultural shift required for security and collaboration.
DevOps Blog 2025-08-25
Microsoft Defender Advanced Protection Tips for Windows 11Dellenny shares advanced tips for configuring Microsoft Defender Antivirus in Windows 11, empowering users to harden their PCs against evolving security threats using built-in protection features.
Dellenny's Blog 2025-08-23
Tackling the DevSecOps Gap in Software UnderstandingAlan Shimel analyzes the importance of closing the software visibility gap for DevSecOps, exploring issues like SBOMs, traceability, and collaboration among security teams to strengthen both software and supply chain...
DevOps Blog 2025-08-22
The Future of DevSecOps in Fully Autonomous CI/CD PipelinesRavi Shanker Sharma’s white paper examines how AI and ML are transforming DevSecOps, enabling fully autonomous CI/CD pipelines with real-time, continuous security automation.
DevOps Blog 2025-08-21
HoundDog.ai Code Scanner Shifts Data Privacy Responsibility LeftMike Vizard covers the general availability of HoundDog.ai, a static code scanner built to help DevSecOps and privacy teams manage sensitive data within AI development workflows.
DevOps Blog 2025-08-21
Why Human Oversight Remains Essential in an AI-Driven DevOps LandscapeAlan Shimel discusses the critical need for human oversight in AI-driven DevOps environments, emphasizing collaboration models and the risks of unchecked automation.
DevOps Blog 2025-08-18
Sentry Integrates MCP Server Monitoring into APM Platform for AI WorkflowsMike Vizard outlines the technical and operational impact of Sentry’s new MCP server monitoring tool, emphasizing its importance for DevOps and AI engineering teams tasked with building, debugging, and securing...
DevOps Blog 2025-08-14
Most Organizations Face Breaches Caused by Vulnerable Code, Survey FindsMike Vizard analyzes survey findings about the widespread impact of vulnerable code on organizational security, including the challenge of AI-generated code, adoption of security tools, and the ongoing evolution of...
DevOps Blog 2025-08-14
API Gateway Pattern in Azure: Managing APIs and Routing Requests to MicroservicesDellenny provides a hands-on guide to implementing the API Gateway pattern on Azure using API Management, explaining how to route, secure, and monitor requests to microservices for robust and maintainable...
Dellenny's Blog 2025-08-14
Eclipse Foundation Publishes Toolkit to Simplify CRA ComplianceMike Vizard examines how the Eclipse Foundation’s OCCTET project enables organizations to address EU Cyber Resilience Act compliance, highlighting input from Microsoft and GitHub.
DevOps Blog 2025-08-14
The Right Kind of AI for Infrastructure as CodeIan Amit explores how AI can be effectively applied to Infrastructure as Code, highlighting crucial gaps in current cloud security tools and explaining what attributes make AI truly valuable for...
DevOps Blog 2025-08-13
SonarSource Highlights Security Risks and Code Quality Issues in LLM-Generated CodeMike Vizard summarizes SonarSource’s analysis of LLM-generated code, revealing frequent security vulnerabilities and long-term code quality issues. The article urges DevOps teams to be vigilant when leveraging AI coding tools....
DevOps Blog 2025-08-13
SonarSource Research Highlights Security Risks in LLM-Generated CodeMike Vizard summarizes SonarSource’s research into AI-generated code, highlighting both the strengths and serious security pitfalls of relying on LLMs such as GPT-4o, Claude Sonnet 4, and others.
DevOps Blog 2025-08-13
Practical Data Protection in Microsoft 365: Sensitivity Labels, DLP, and Conditional Access for Small BusinessesDellenny breaks down how small businesses can protect data in Microsoft 365 using sensitivity labels, DLP, and conditional access, providing clear steps and real-life analogies.
Dellenny's Blog 2025-08-13
Secure Integration of Microsoft 365 with Slack, Trello, and Google ServicesDellenny explains how technical teams can securely integrate Microsoft 365 with SaaS tools like Slack, Trello, and Google Services, offering actionable advice to maintain security while enabling collaboration.
Dellenny's Blog 2025-08-13
Minimus Adds VEX Support and Microsoft SSO Integration to Hardened Images ServiceMike Vizard explains how Minimus’ updated service now helps DevSecOps teams with VEX support, secure Helm charts for Kubernetes, compliance dashboards, and Microsoft SSO integration, enhancing application security workflows.
DevOps Blog 2025-08-11
ArmorCode Expands Anya AI to Deliver Custom Code Fixes for Runtime EnvironmentsMike Vizard examines how ArmorCode’s Anya AI now generates automated, environment-specific code fixes and brings software supply chain insight to application security, as announced at Black Hat USA 2025.
DevOps Blog 2025-08-07
Black Duck Software Brings AI-Powered Security to IDEsMike Vizard reports on Black Duck Software’s new integration of their AI security assistant into IDE plugins, enabling real-time vulnerability detection and support for natural language security queries as developers...
DevOps Blog 2025-08-07
What Vibe Coding Means for the Enterprise: Fast Code, Real ConsiderationsTom Howlett examines the enterprise-level implications of vibe coding and AI-assisted development, highlighting both the acceleration of innovation and the real risks in security and code maintainability.
DevOps Blog 2025-08-07
Cycode Adds AI Agent to Assess Exploitability of Application VulnerabilitiesAuthored by Mike Vizard, this article explores Cycode’s new AI agent for its application security platform. The tool is designed to evaluate and prioritize vulnerabilities, helping DevSecOps teams respond more...
DevOps Blog 2025-08-05
Exploring Passkey Support in ASP.NET Core Identity with .NET 10 Preview 6In this comprehensive post, Andrew Lock examines the new passkey support introduced in ASP.NET Core Identity and the Blazor Web App template as part of .NET 10 preview 6, explaining...
Andrew Lock's Blog 2025-08-05
Secret Store Pattern in Azure Using Secure Vaults for Credentials and SecretsDellenny details how to implement the Secret Store Pattern in Azure, guiding developers to use Azure Key Vault for managing credentials and secrets securely in cloud-native applications.
Dellenny's Blog 2025-08-04
Token-Based Authentication in Azure Using JWT for Stateless SecurityDellenny presents a comprehensive technical walkthrough on implementing stateless, token-based authentication in Azure using JWT, with practical scenarios for developers and architects.
Dellenny's Blog 2025-08-01
Federated Identity in Azure: Seamless Access with External Identity ProvidersDellenny explains how Federated Identity is implemented on Microsoft Azure, focusing on secure authentication with external identity providers and the architectural benefits for organizations adopting hybrid and multi-cloud solutions.
Dellenny's Blog 2025-07-31
Beyond the Firewall - Achieving True Observability in Hybrid InfrastructureIn this article, Gerardo Dada outlines why true observability is vital in today’s hybrid infrastructures. He examines tools and practices enabling DevOps teams to monitor complex environments.
DevOps Blog 2025-07-31
“Shove Left” – Dumping Downstream Tasks Onto Developers – A Recipe for FailureAuthor Peter Pickerill warns against the ‘Shove Left’ anti-pattern in DevOps, illustrating how offloading tasks onto developers without real change can harm teams and outcomes.
DevOps Blog 2025-07-30
Emerging DevOps Trends: Security, Scalability and SustainabilityHarikrishna Kundariya explores key trends in the DevOps landscape, addressing how security, scalability, and sustainability are influencing modern development practices.
DevOps Blog 2025-07-30
A Practical Guide to Setting up Microsoft Azure Trusted Signing for Code Signing CertificatesIn this extensive guide, Rick Strahl shares his experience with setting up Microsoft Azure Trusted Signing for code signing, discussing certificate requirements, Azure configuration, and practical challenges developers may face....
Rick Strahl's Blog 2025-07-21
Key Trends Driving Software Engineering in 2025Dellenny outlines core trends for software engineers in 2025—from AI-powered development and DevSecOps to ethical and sustainable engineering—providing practitioners with the strategies and skills they should prioritize.
Dellenny's Blog 2025-07-20
Microsoft Adds Telemetry Collection to Its FIPS-Compliant Go Compiler BuildTim Anderson explores Microsoft’s addition of telemetry to its Go compiler build for FIPS compliance, discussing its impact on Azure Linux, cryptographic strategy, and developer workflows.
DevClass 2025-07-08
Security Risks from Deleted GitHub Commits: Admin Access to Istio ExposedTim Anderson’s article explores how lingering commit history on GitHub enabled a researcher to find secrets—including admin tokens for Istio—highlighting security risks and mitigation strategies for developers.
DevClass 2025-07-03
Be Careful When Using GitHub PAT with Repo ScopeHome on explores the hidden dangers of GitHub PATs with the repo scope, revealing how these tokens may inadvertently grant organization-level permissions and highlighting best practices for secure usage.
Spindev's Blog 2025-06-27
How to Authenticate Connect-MgGraph Using OIDC in GitHub ActionsJesse Houwing walks through authenticating maintenance PowerShell scripts to Microsoft Graph in GitHub Actions, using OpenID Connect and Azure CLI, for improved security and automation.
Jesse Houwing's Blog 2025-06-10
Intent vs. Mechanics: The Power of Abstraction in AspireIn this article, David Fowler explores how Aspire simplifies application development by abstracting environment-specific details, allowing developers to focus on intent, especially when managing secrets via Azure Key Vault.
David Fowler's Blog 2025-05-11
Enhancing Windows Server Security with App Control and Azure Arc IntegrationIn this post, Thomas Maurer teams up with Carlos Mayol Berral to explore practical strategies for securing Windows Server environments using App Control and centralized management via Azure Arc.
Thomas Maurer's Blog 2025-04-22
NetEscapades.AspNetCore.SecurityHeaders 1.0.0 Released: Major Updates and New Security FeaturesAndrew Lock introduces NetEscapades.AspNetCore.SecurityHeaders 1.0.0, outlining extensive new features, updates, and best practices for integrating enhanced security headers in ASP.NET Core applications.
Andrew Lock's Blog 2025-04-15
Creating SBOM Attestations for NuGet Packages Using GitHub ActionsIn this blog post, Andrew Lock demonstrates how to create SBOM attestations for your .NET applications or NuGet packages using GitHub Actions, enhancing supply chain security.
Andrew Lock's Blog 2025-04-01
Repost: Protect the Repository Hosting Your GitHub ActionAuthored by Jesse Houwing, this detailed post focuses on safeguarding GitHub Action repositories, outlining practical recommendations to counteract risks like those recently exposed in the changed-files hack.
Jesse Houwing's Blog 2025-03-25
Creating a Software Bill of Materials (SBOM) for an Open-Source NuGet PackageIn this comprehensive guide, Andrew Lock demonstrates how to generate SBOMs for .NET NuGet packages using tools like GitHub’s SBOM export, Microsoft’s sbom-tool, anchore/sbom-action, and CycloneDX, highlighting practical considerations for...
Andrew Lock's Blog 2025-03-25
Creating Provenance Attestations for NuGet Packages in GitHub ActionsAndrew Lock examines how developers can create provenance attestations for NuGet packages using GitHub Actions. He details the underlying mechanics, security implications, verification methods, and practical challenges, including how to...
Andrew Lock's Blog 2025-03-18
Windows Server 2025 Security Baseline and App Control: Enhancing Windows Server SecurityIn this article, Thomas Maurer interviews Carlos Mayol Berral of Microsoft to showcase Windows Server 2025 Security Baseline and App Control, offering insights and demos for IT administrators and security...
Thomas Maurer's Blog 2025-03-17
Really Keeping Your GitHub Actions Usage SecureIn this post, Rob Bos details a recent security incident involving a compromised GitHub Action and offers guidance on securing your CI/CD pipelines with robust processes and tooling.
Rob Bos' Blog 2025-03-16
Say Goodbye to Personal Access Tokens (PATs) in Azure DevOps: Practical Migration StrategiesIn this post, Michael Thomsen discusses how his team eliminated all Azure DevOps Personal Access Tokens (PATs). He details practical migration steps, leveraging service principals and workload identity federation, making...
Jesse Houwing's Blog 2025-03-04
Implement Role-Based Authorization With Keycloak, Web API, and Blazor WebAssemblyMarinko Spasojević guides readers through implementing role-based authorization using Keycloak with Blazor WebAssembly and Web API, exploring role assignment, claims mapping, and securing both UI and API endpoints in modern...
Code Maze Blog 2025-02-21
Keycloak Authentication with ASP.NET Core Web API and Blazor WebAssemblyIn this article, Marinko Spasojević details how to integrate Keycloak authentication with both a Blazor WebAssembly client application and an ASP.NET Core Web API backend, providing step-by-step guidance and sample...
Code Maze Blog 2025-02-17
Comparison of Rebus, NServiceBus, and MassTransit in .NETAuthored by Michal Kaminski, this comprehensive comparison explores Rebus, NServiceBus, and MassTransit, guiding .NET developers through their features, implementation, and use cases.
Code Maze Blog 2024-12-16
DevCon Romania 2024: Protecting Against Supply Chain Attacks in DevOps PipelinesRob Bos, presenting at DevCon Romania 2024, offers a comprehensive overview on protecting software supply chains from attacks, focusing on best practices in DevOps and pipeline security.
Rob Bos' Blog 2024-11-07
AI Security Posture Management (AI-SPM): What Is It and When Should You Use It?In this post, Kim Grönberg discusses the fundamentals of AI Security Posture Management (AI-SPM), how it compares with traditional CSPM solutions, its use cases, and why organizations should consider adopting...
Zure Data & AI Blog 2024-11-05
Scan Your GitHub Workflow Artifacts for Leaked Secrets with PowerShell and TruffleHogIn this post, Jesse Houwing provides a practical PowerShell script for scanning GitHub workflow artifacts for leaked secrets. Learn how the script leverages TruffleHog and covers setup, execution, and best...
Jesse Houwing's Blog 2024-08-19
GitHub Advanced Security for Azure DevOpsIn this article, Rob Bos explores the public preview of GitHub Advanced Security (GHAS) features recently introduced to Azure DevOps, as announced at Microsoft Build 2023, and shares firsthand experiences...
Rob Bos' Blog 2023-05-23