Hey! You broke our pipeline!
One of the advantages of Azure Pipelines is that it automatically updates your tasks to the latest minor version. That way you don't have to do anything to stay up-to-date. But this also has disadvantages. Both Microsoft and extension authors can accidentally break your pipelines.
Enable RenovateBot for Azure Pipelines
In my report on the Security state of the Azure DevOps Marketplace I came to the unfortunate conclusion that about 40% of the extensions contain vulnerabilities. One of the recommendations for both Azure DevOps administrators and pipeline authors was to keep the Azure Pipelines Tasks up-to-date.
Definitive solution for log4shell in Azure DevOps Server Search
Last year around this time the log4shell bug in log4j was made public. Older versions of Team Foundation Server and Azure DevOps Server ship with Elastic Search to power their advanced search features. The version that ships with these versions is quite old and was never truly fixed, only patched.
Be Secure and Compliant with GitHub
How do we ensure security after we have deployed our application? This question comes up in many customer engagements. How do we make something secure and how can we ensure we are compliant? Unfortunately, many of these questions arise after the fact. After the application has been built, or even
Log4J – A 10 step mitigation plan
There is already a lot of attention on the #Log4J vulnerability. It is all over the news while we write this blog. Many customers have asked us what to do. In this blog we give some advice on how to deal with the Log4j vulnerability and similar vulnerabilities in the future.
Azure DevOps 2020 and 2019 (and 2018) patch for log4j vulnerability
Azure DevOps can be configured with advanced Code Search. That feature relies on Elastic Search. Depending on the age of your server, JVM version and Elastic Search version, this may result in your setup being vulnerable to CVE-2021-44228.
Accessing Azure DevOps APIs with large volumes of data
Most REST APIs exposed by Azure DevOps are limited in the amount of data they will return. You can choose to override the default number by passing a $top=### query string parameter. Azure DevOps will try to honor this request, but I've seen it refuse and return a lower number anyway.