GitHub Scan all workflow artifacts for leaked secrets In response to: Major GitHub repos leak access tokens putting code and clouds at risk. Build artifacts generated by GitHub Actions often contain access tokens that can be abused by attackers to push malicious code into projects or compromise cloud infrastructure. CSO Online, Lucian Constantin. I've created a quick PowerShell
GitHub Looking back on the Global DevOps Experience It's been a few weeks since the Global DevOps Experience 2024 finished, but it's a lot longer since we all started back in March.
git Featured The use or uselessness of signed commits Each commit you make stores the name and email address you've configured in your git config. But Git doesn't verify whether that's you. You can easily make a commit that uses the email of any famous coder out there in the world, and your Git repo will accept that.
Scrum Don't get lost in your plans Today I got a call from a customer who is trying to understand what's going on in their teams and is getting lost among the many different Features and Product Backlog Items on their boards.
GitHub Restrict GitHub branches to specific prefixes Many people follow some kind of naming format for their branches. Be it because they're using GitHub Flow or Git Flow or because they've created their own meaningful naming patterns.
Azure Pipelines Recommendations for using Azure CLI in your workflow Azure CLI is widely used in GitHub Actions and Azure Pipelines, as well as many other CI/CD tools. Over the last few weeks, I've been looking into its performance and security and based on that here are a number of recommendations.
Ghost Allow people to find you on Mastodon from your Ghost Pro domain I wanted people to be able to find me on my me@jessehouwing.net email address without having to know the instance of Mastodon I'm on. And found it not to be too hard.
GitHub Accessing (private) GitHub resources from a Codespace If you want to access packages or repositories from another organization though, you're out of luck. Even though you can request access to repositories outside of your organization or account, GitHub won't grant you that access when the Codespace starts.
GitHub Featured Investigating az-cli performance on the hosted Azure Pipelines and GitHub Runners I've been building a few more workflows and pipelines over the past few days and had been experimenting with the az-cli. And I've been running into all kinds of performance issues.
Azure Pipelines VSBuild task fails on self-hosted Azure Pipelines Agent Today I got this baffling error while trying to run one of the few pipelines I own that requires a self-hosted agent. 2023-09-18T13:24:55.1897667Z ##[section]Starting: VSBuild 2023-09-18T13:24:55.2042232Z ============================================================================== 2023-09-18T13:24:55.2042611Z Task : Visual Studio build 2023-09-18T13:24:55.2042705Z Description : Build with MSBuild and
GitHub Actions Featured Protect the repository hosting your GitHub Action It comes as no surprise that the tags and branches solution to version GitHub Actions is weak at best. There have been rumors of Actions moving to a different model (GitHub Container Registry), but that is yet to see the light.
Azure DevOps Featured Publish Azure DevOps Extensions using Azure Workload Identity As you may know, I maintain several Azure DevOps Extensions. To publish them I use the Azure DevOps extension tasks. And to authenticate you must provide a Personal Access Token.
git Tips & tricks: Git under WSL and Windows Since the introduction of WSL I've started to rely on it more and more, but there are still a few quirks when dealing with multiple environments that access the same repo on disk.
Azure Pipelines Hey! You broke our pipeline! One of the advantages of Azure Pipelines is that it automatically updates your tasks to the latest minor version. That way you don't have to do anything to stay up-to-date. But this also has disadvantages. Both Microsoft and Extension Authors can accidentally break your pipelines.
GitHub Featured Enable RenovateBot for Azure Pipelines In my report on the Security state of the Azure DevOps Marketplace I came to the unfortunate conclusion that about 40% of the extensions contain vulnerabilities. One of the recommendations for both Azure DevOps administrators and pipeline authors was to keep the Azure Pipelines Tasks up-to-date.
Azure Pipelines Speeding up the Azure DevOps Extension tasks I've been maintaining and using the Azure DevOps Extension tasks for years now and I've always been frustrated by the slowness of some steps.
Azure DevOps Featured Security state of the Azure DevOps Marketplace This report focusses on the Azure Pipelines extensions in the Marketplace. At the time of compiling the report there are 1460 extensions in the "Azure Pipelines" category. More than 500 have one or more vulnerabilities or vulnerable dependencies.
Azure DevOps Server 2022 Definitive solution for log4shell in Azure DevOps Server Search Last year around this time the log4shell bug in log4j was made public. Older versions of Team Foundation Server and Azure DevOps Server ship with Elastic Search to power its advanced search features. The version that ships with these versions is quite old and was never truly fixed, only patched.
GitHub What's GitHub's new require approval of the most recent push policy all about? The "require approval of the most recent push" protection rule was recently introduced (Oct 2022).
GitHub Actions Issuing workflow commands from the Windows shell in GitHub Actions I don't think you should, I'm not sure you want to... But in case you need to... Here's how to correctly issue a GitHub Actions workflow command from the Windows shell.
Ghost Update Ghost blogs and pages with PowerShell In order to remove a bit of repetitive manual work from my schedule I wrote a little sync between my Scrum.org class schedule to this blog.
GitHub Actions Upgrade Hosted Agent / GitHub Runner PowerShell I had recently fixed a bug in one of my build scripts by upgrading to the latest PowerShell Preview version. Of course, that version isn't yet available on the hosted agent for Azure Pipelines and GitHub Actions.
GitHub Be Secure and Compliant with GitHub How do we ensure security after we have deployed our application? This question comes up in many customer engagements. How do we make something secure and how can we ensure we are compliant? Unfortunately, many of these questions arise after the fact. After the application has been built, or even
git Installing git-filter-repo on Windows I've been trying to get git-filter-repo to work on Windows and WSL today and it's been quite a struggle. The docs are pretty limited and call out I may have to update some values in the script itself to make things work. But doesn't
GitHub Customizing Codespaces You've probably had this situation at least once in your career: you join a new team and it takes you at least 10 days to finally get the build to succeed on your local machine, the tests to pass, the application to launch without issues, and for the debugger