Blogs
-
ArmorCode Expands Anya AI to Deliver Custom Code Fixes for Runtime Environments
Mike Vizard examines how ArmorCode’s Anya AI now generates automated, environment-specific code fixes and brings software supply chain insight to application security, as announced at Black Hat USA 2025.
-
Black Duck Software Brings AI-Powered Security to IDEs
Mike Vizard reports on Black Duck Software’s new integration of its AI security assistant into IDE plugins, enabling real-time vulnerability detection and support for natural language security queries as developers write code.
-
What Vibe Coding Means for the Enterprise: Fast Code, Real Considerations
Tom Howlett examines the enterprise-level implications of vibe coding and AI-assisted development, highlighting both the acceleration of innovation and the real risks in security and code maintainability.
-
Cycode Adds AI Agent to Assess Exploitability of Application Vulnerabilities
Authored by Mike Vizard, this article explores Cycode’s new AI agent for its application security platform. The tool is designed to evaluate and prioritize vulnerabilities, helping DevSecOps teams respond more effectively to emerging security challenges.
-
Exploring Passkey Support in ASP.NET Core Identity with .NET 10 Preview 6
In this comprehensive post, Andrew Lock examines the new passkey support introduced in ASP.NET Core Identity and the Blazor Web App template as part of .NET 10 preview 6, explaining both user and implementation perspectives.
-
Secret Store Pattern in Azure Using Secure Vaults for Credentials and Secrets
Dellenny details how to implement the Secret Store Pattern in Azure, guiding developers to use Azure Key Vault for managing credentials and secrets securely in cloud-native applications.
-
Token-Based Authentication in Azure Using JWT for Stateless Security
Dellenny presents a comprehensive technical walkthrough on implementing stateless, token-based authentication in Azure using JWT, with practical scenarios for developers and architects.
-
Federated Identity in Azure: Seamless Access with External Identity Providers
Dellenny explains how Federated Identity is implemented on Microsoft Azure, focusing on secure authentication with external identity providers and the architectural benefits for organizations adopting hybrid and multi-cloud solutions.
-
Beyond the Firewall - Achieving True Observability in Hybrid Infrastructure
In this article, Gerardo Dada outlines why true observability is vital in today’s hybrid infrastructures. He examines tools and practices enabling DevOps teams to monitor complex environments.
-
“Shove Left” – Dumping Downstream Tasks Onto Developers – A Recipe for Failure
Author Peter Pickerill warns against the ‘Shove Left’ anti-pattern in DevOps, illustrating how offloading tasks onto developers without real change can harm teams and outcomes.
-
Emerging DevOps Trends: Security, Scalability and Sustainability
Harikrishna Kundariya explores key trends in the DevOps landscape, addressing how security, scalability, and sustainability are influencing modern development practices.
-
A Practical Guide to Setting up Microsoft Azure Trusted Signing for Code Signing Certificates
In this extensive guide, Rick Strahl shares his experience with setting up Microsoft Azure Trusted Signing for code signing, discussing certificate requirements, Azure configuration, and practical challenges developers may face.
-
Key Trends Driving Software Engineering in 2025
Dellenny outlines core trends for software engineers in 2025—from AI-powered development and DevSecOps to ethical and sustainable engineering—providing practitioners with the strategies and skills they should prioritize.
-
Microsoft Adds Telemetry Collection to Its FIPS-Compliant Go Compiler Build
Tim Anderson explores Microsoft’s addition of telemetry to its Go compiler build for FIPS compliance, discussing its impact on Azure Linux, cryptographic strategy, and developer workflows.
-
Security Risks from Deleted GitHub Commits: Admin Access to Istio Exposed
Tim Anderson’s article explores how lingering commit history on GitHub enabled a researcher to find secrets—including admin tokens for Istio—highlighting security risks and mitigation strategies for developers.
-
How to Authenticate Connect-MgGraph Using OIDC in GitHub Actions
Jesse Houwing walks through authenticating maintenance PowerShell scripts to Microsoft Graph in GitHub Actions using OpenID Connect and the Azure CLI, for improved security and automation.
-
Intent vs. Mechanics: The Power of Abstraction in Aspire
In this article, David Fowler explores how Aspire simplifies application development by abstracting environment-specific details, allowing developers to focus on intent, especially when managing secrets via Azure Key Vault.
-
Enhancing Windows Server Security with App Control and Azure Arc Integration
In this post, Thomas Maurer teams up with Carlos Mayol Berral to explore practical strategies for securing Windows Server environments using App Control and centralized management via Azure Arc.
-
NetEscapades.AspNetCore.SecurityHeaders 1.0.0 Released: Major Updates and New Security Features
Andrew Lock introduces NetEscapades.AspNetCore.SecurityHeaders 1.0.0, outlining extensive new features, updates, and best practices for integrating enhanced security headers in ASP.NET Core applications.
-
Creating SBOM Attestations for NuGet Packages Using GitHub Actions
In this blog post, Andrew Lock demonstrates how to create SBOM attestations for your .NET applications or NuGet packages using GitHub Actions, enhancing supply chain security.
-
Repost: Protect the Repository Hosting Your GitHub Action
Authored by Jesse Houwing, this detailed post focuses on safeguarding GitHub Action repositories, outlining practical recommendations to counteract risks like those recently exposed in the changed-files hack.
-
Creating a Software Bill of Materials (SBOM) for an Open-Source NuGet Package
In this comprehensive guide, Andrew Lock demonstrates how to generate SBOMs for .NET NuGet packages using tools like GitHub’s SBOM export, Microsoft’s sbom-tool, anchore/sbom-action, and CycloneDX, highlighting practical considerations for developers and operators.
-
Creating Provenance Attestations for NuGet Packages in GitHub Actions
Andrew Lock examines how developers can create provenance attestations for NuGet packages using GitHub Actions. He details the underlying mechanics, security implications, verification methods, and practical challenges, including how to address NuGet.org’s modifications for reliable attestation.
-
Windows Server 2025 Security Baseline and App Control: Enhancing Windows Server Security
In this article, Thomas Maurer interviews Carlos Mayol Berral of Microsoft to showcase Windows Server 2025 Security Baseline and App Control, offering insights and demos for IT administrators and security professionals.
-
Really Keeping Your GitHub Actions Usage Secure
In this post, Rob Bos details a recent security incident involving a compromised GitHub Action and offers guidance on securing your CI/CD pipelines with robust processes and tooling.
-
Say Goodbye to Personal Access Tokens (PATs) in Azure DevOps: Practical Migration Strategies
In this post, Michael Thomsen discusses how his team eliminated all Azure DevOps Personal Access Tokens (PATs). He details practical migration steps, leveraging service principals and workload identity federation, making it a must-read for DevOps professionals focused on secure automation.
-
Implement Role-Based Authorization With Keycloak, Web API, and Blazor WebAssembly
Marinko Spasojević guides readers through implementing role-based authorization using Keycloak with Blazor WebAssembly and Web API, exploring role assignment, claims mapping, and securing both UI and API endpoints in modern .NET applications.
-
Keycloak Authentication with ASP.NET Core Web API and Blazor WebAssembly
In this article, Marinko Spasojević details how to integrate Keycloak authentication with both a Blazor WebAssembly client application and an ASP.NET Core Web API backend, providing step-by-step guidance and sample configurations.
-
Comparison of Rebus, NServiceBus, and MassTransit in .NET
Authored by Michal Kaminski, this comprehensive comparison explores Rebus, NServiceBus, and MassTransit, guiding .NET developers through their features, implementation, and use cases.
-
DevCon Romania 2024: Protecting Against Supply Chain Attacks in DevOps Pipelines
Rob Bos, presenting at DevCon Romania 2024, offers a comprehensive overview on protecting software supply chains from attacks, focusing on best practices in DevOps and pipeline security.
-
AI Security Posture Management (AI-SPM): What Is It and When Should You Use It?
In this post, Kim Grönberg discusses the fundamentals of AI Security Posture Management (AI-SPM), how it compares with traditional CSPM solutions, its use cases, and why organizations should consider adopting it, especially as Microsoft prepares to release AI-SPM features.
-
Scan Your GitHub Workflow Artifacts for Leaked Secrets with PowerShell and TruffleHog
In this post, Jesse Houwing provides a practical PowerShell script for scanning GitHub workflow artifacts for leaked secrets. He explains how the script leverages TruffleHog and covers setup, execution, and best practices for securing your repositories.
-
GitHub Advanced Security for Azure DevOps
In this article, Rob Bos explores the public preview of GitHub Advanced Security (GHAS) features recently introduced to Azure DevOps, as announced at Microsoft Build 2023, and shares firsthand experiences and key distinctions compared to GitHub’s native implementation.