Clik here to view.
Azure DevOps 2020 and 2019 (and 2018) patch for log4j vulnerability
Update: Official patches are now available:Azure DevOps Server and Team Foundation Server patchesWith this patch cycle, we are releasing fixes that impact our self-hosted product, Azure DevOps Server,...
View ArticleClik here to view.
Log4J – A 10 step mitigation plan
Originally posted on the Xebia Blog.Update: which vulnerabilities are present?The initial blog below was written around CVE-2021-45046 and CVE-2021-44228, in which Log4J its JNDI functionalities could...
View ArticleClik here to view.
Ask a Professional Scrum Trainer - Scaling Scrum with Nexus - Part 2
The Scrum.org Ask a Professional Scrum Trainer series features Professional Scrum Trainers (PSTs) in a live session, answering your most pressing questions regarding the challenges and situations your...
View ArticleClik here to view.
Customizing Codespaces
You’ve probably had this situation at least once on your career: you join a new team and it takes you at least 10 days to finally get the build to succeed on your local machine, the tests to pass, the...
View ArticleClik here to view.
Installing git-filter-repo on windows
I've been trying to get git-filter-repo to work on Windows and WSL today and it's been quite a struggle. The docs are pretty limited and call out I may have to update some values in the script itself...
View ArticleClik here to view.
Be Secure and Compliant with GitHub
How do we ensure security after we have deployed our application? This question comes up in many customer engagements. How do we make something secure and how can we ensure we are compliant?...
View ArticleClik here to view.
Upgrade Hosted Agent / GitHub Runner PowerShell
I managed to upgrade PowerShell at the start of the run and the agent will happily use it after installation.You need to do two simple things.Install the PowerShell Core Preview onto the agent.Make...
View ArticleClik here to view.
Update Ghost blogs and pages with PowerShell
The samples provided by Ghost are in JavaScript, Curl and Python, all languages I'm not fluent in, so I set out to do the same from PowerShell or C#.The hardest part turned out to be the code to create...
View ArticleClik here to view.
Issuing workflow commands from the Windows shell in GitHub Actions
It's a little-known fact that the default shell in for GitHub Actions is different depending on the operating system on which you run. And that the syntax to set a variable, for example, differs...
View ArticleClik here to view.
What's GitHub's new require approval of the most recent push policy all about?
It was introduced with the express intent to prevent someone responding to a code review request from sneaking in changes and approving them themselves or using the already supplied approval from...
View ArticleClik here to view.
Definitive solution for log4shell in Azure DevOps Server Search
A version of Azure DevOps Server with a reasonably recent, secure, and supported version of Elastic Search is coming soon.Azure DevOps 2020 and 2019 (and 2018) patch for log4j vulnerabilityAzure DevOps...
View ArticleClik here to view.
Security state of the Azure DevOps Marketplace
My colleague Rob Bos has been working on analyzing the GitHub Actions Marketplace for security and it got me thinking about the level of security for Azure Pipelines.Analyzing the GitHub marketplace -...
View ArticleClik here to view.
Speeding up the Azure DevOps Extension tasks
In particular the Publish Azure DevOps Extension task that spent quite a bit of time extracting the vsix prior to putting it back together.Azure DevOps Extension Tasks - Visual Studio...
View ArticleClik here to view.
Enable RenovateBot for Azure Pipelines
Security state of the Azure DevOps MarketplaceThis report focusses on the Azure Pipelines extensions in the Marketplace. At the time of compiling the report there are 1460 extensions in the “Azure...
View ArticleClik here to view.
Hey! You broke our pipeline!
I've personally shipped a version of my Variable Toolbox extension that impacted 10.000 developers at a single corporation that relied on my pipeline tasks.And yesterday Microsoft had a world-wide...
View ArticleClik here to view.
Tips & tricks: Git under WSL and windows
Some of the issues I've encountered are:Ensuring line-endings are properly handled on the mounted windows volumesCentralizing credential managementLet's tackle them one-by-one.Ensuring line-endings are...
View ArticleClik here to view.
Publish Azure DevOps Extensions using Azure Workload Identity
If you need help configuring a basic CI/CD pipeline for an Azure DevOps Extension, check out the guidance on Microsoft Learn).The issue with Personal Access Tokens is that they're always active, expire...
View ArticleClik here to view.
Protect the repository hosting your GitHub Action
The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency TreeGitHub Actions worm compromises GitHub repositories via action dependencies in a novel attack vector...
View ArticleClik here to view.
VSBuild task fails on self-hosted Azure Pipelines Agent
Today I got this baffling error while trying to run one of the few pipelines I own that requires a self-hosted agent.2023-09-18T13:24:55.1897667Z ##[section]Starting: VSBuild...
View ArticleClik here to view.
Investigating az-cli performance on the hosted Azure Pipelines and GitHub...
Azure CLI is a great nifty tool to chat to Azure as well as Azure DevOps and there's a AzureCLI@v2 task in Azure DevOps that preconfigures your Azure subscription and all.While testing I got...
View Article