Browse DevOps News (276)

cindywang explains how GitHub Copilot agents can modernize legacy Java and .NET code inside Docker Sandbox microVMs, keeping host filesystem paths consistent while avoiding risky Docker socket mounts and tightening egress controls during dependency upgrades.

The Visual Studio Code Team summarizes what’s new in Visual Studio Code 1.117, including improvements to agent sessions, terminal capture, and Git worktree isolation, plus editor UX fixes for package.json and JSDoc rendering.

Allison announces `gh skill`, a new GitHub CLI command for discovering, installing, updating, and publishing portable “agent skills” for AI coding agents (including GitHub Copilot), with a focus on version pinning and supply-chain integrity.

Lawrence Gripper explains how GitHub uses eBPF and cgroups to prevent deployment scripts from introducing circular dependencies (like needing github.com during an outage), including a Go-based proof of concept that monitors and conditionally blocks network/DNS access for deploy processes.

Aviram Shemesh and Jennifer Rutzer explain how to build a cryptographic inventory and run an ongoing cryptographic posture management lifecycle, using Microsoft Security tooling (like Defender and GitHub Advanced Security), Azure services (like Key Vault and Network Watcher), and partner CPM solutions to improve quantum-safe readiness.

Allison announces new GitHub improvements: a rule insights dashboard to visualize repository ruleset evaluations (successes, failures, bypasses) and a unified filter bar across alert dismissal and bypass request pages for code scanning, Dependabot, and secret scanning.

Jim Harrer shares a curated list of 20 VS Live! Las Vegas 2026 sessions now available on the Visual Studio YouTube channel, spanning AI/Copilot topics, modern .NET and C#, Azure cloud-native development, GitHub Actions, and practical productivity and architecture guidance.

Microsoft Fabric Blog explains what customers are asking about Fabric Data Factory vs Azure Data Factory (ADF): when to migrate, how mature it is, and what new capabilities you gain—like Mirroring to OneLake, Copy Jobs with CDC, Dataflows Gen2, Copilot assistance, and managed Airflow/dbt execution.

Allison outlines what changed in CodeQL 2.25.2 for GitHub code scanning, including Kotlin 2.3.20 support, multiple query accuracy tweaks (notably for C#), and updated security-severity scores for issues like XSS and log injection across several languages.

Laura Jiang announces two Azure DevOps Advanced Security updates: CodeQL default setup to enable org-wide code scanning without per-repo pipeline configuration, and a combined alerts experience (with security campaigns) to triage and coordinate remediation across all repositories.

Reenu Saluja breaks down the main Azure hosting options for production AI agents and explains when to use each, with a deeper walkthrough of Microsoft Foundry Hosted Agents (deployment, lifecycle management, observability, scaling, and invocation patterns).

David Sanchez lays out a practical DevOps playbook for teams adopting AI coding agents (including GitHub Copilot Cloud Agent), focusing on readiness prerequisites, human–agent collaboration patterns, pipeline changes, governance, and security controls needed to keep quality and accountability intact as non-human contributors scale up.

Allison announces that Dependabot and code scanning can now use OpenID Connect (OIDC) for organization-level access to private registries, reducing reliance on long-lived secrets and enabling short-lived, dynamically issued credentials.

Allison announces new GitHub features that surface deployment and runtime context in repository properties and security alert pages, helping teams automate policy enforcement and prioritize Dependabot and code scanning alerts based on real production risk.

Kristen Womack explains how `azd update` simplifies keeping the Azure Developer CLI current across Windows, macOS, and Linux, including how to switch between stable and daily release channels.

Gloridel Morales announces April patches for Azure DevOps Server, summarizing key fixes (pull request completion reliability, safer sign-out redirect validation, and GitHub Enterprise Server PAT connection) and showing how to verify the patch is installed.

Allison announces a public preview feature that lets teams link GitHub code scanning alerts to GitHub Issues, making it easier to track and prioritize security remediation work in existing planning workflows.

Joseph Katsioloudes introduces Season 4 of GitHub’s Secure Code Game, a hands-on set of challenges where you exploit and fix vulnerabilities in an agentic AI assistant (ProdBot) to learn real-world AI-agent security risks like prompt-based tool misuse, memory poisoning, and sandbox escape.

Allison announces an update that lets GitHub organizations configure multiple private registries per package ecosystem for Dependabot and code scanning, including org-level OIDC authentication support via the UI and REST API.

Allison summarizes GitHub Secret Scanning updates that expand push protection defaults, improve enterprise fork coverage, and add new API capabilities for alert validity, provider filtering, scan history, and enterprise-wide dismissal request reporting.