Azure DevOps 2020 and 2019 (and 2018) patch for log4j vulnerability
Update: Official patches are now available: Azure DevOps Server and Team Foundation Server patches. With this patch cycle, we are releasing fixes that impact our self-hosted product, Azure DevOps Server,...
Log4J – A 10 step mitigation plan
Originally posted on the Xebia Blog. Update: which vulnerabilities are present? The initial blog below was written around CVE-2021-45046 and CVE-2021-44228, in which Log4J's JNDI functionalities could...
Ask a Professional Scrum Trainer - Scaling Scrum with Nexus - Part 2
The Scrum.org Ask a Professional Scrum Trainer series features Professional Scrum Trainers (PSTs) in a live session, answering your most pressing questions regarding the challenges and situations your...
Customizing Codespaces
You’ve probably had this situation at least once in your career: you join a new team and it takes you at least 10 days to finally get the build to succeed on your local machine, the tests to pass, the...
Installing git-filter-repo on windows
I've been trying to get git-filter-repo to work on Windows and WSL today and it's been quite a struggle. The docs are pretty limited and call out I may have to update some values in the script itself...
Be Secure and Compliant with GitHub
How do we ensure security after we have deployed our application? This question comes up in many customer engagements. How do we make something secure and how can we ensure we are compliant?...
Upgrade Hosted Agent / GitHub Runner PowerShell
I managed to upgrade PowerShell at the start of the run and the agent will happily use it after installation. You need to do two simple things. Install the PowerShell Core Preview onto the agent. Make...
Update Ghost blogs and pages with PowerShell
The samples provided by Ghost are in JavaScript, Curl and Python, all languages I'm not fluent in, so I set out to do the same from PowerShell or C#. The hardest part turned out to be the code to create...
Issuing workflow commands from the Windows shell in GitHub Actions
It's a little-known fact that the default shell for GitHub Actions is different depending on the operating system on which you run. And that the syntax to set a variable, for example, differs...
What's GitHub's new require approval of the most recent push policy all about?
It was introduced with the express intent to prevent someone responding to a code review request from sneaking in changes and approving them themselves or using the already supplied approval from...
Definitive solution for log4shell in Azure DevOps Server Search
A version of Azure DevOps Server with a reasonably recent, secure, and supported version of Elastic Search is coming soon. Azure DevOps 2020 and 2019 (and 2018) patch for log4j vulnerability. Azure DevOps...
Security state of the Azure DevOps Marketplace
My colleague Rob Bos has been working on analyzing the GitHub Actions Marketplace for security and it got me thinking about the level of security for Azure Pipelines. Analyzing the GitHub marketplace -...
Speeding up the Azure DevOps Extension tasks
In particular the Publish Azure DevOps Extension task that spent quite a bit of time extracting the vsix prior to putting it back together. Azure DevOps Extension Tasks - Visual Studio...
Enable RenovateBot for Azure Pipelines
Security state of the Azure DevOps Marketplace. This report focusses on the Azure Pipelines extensions in the Marketplace. At the time of compiling the report there are 1460 extensions in the “Azure...
Hey! You broke our pipeline!
I've personally shipped a version of my Variable Toolbox extension that impacted 10.000 developers at a single corporation that relied on my pipeline tasks. And yesterday Microsoft had a world-wide...
Tips & tricks: Git under WSL and windows
Some of the issues I've encountered are: ensuring line-endings are properly handled on the mounted Windows volumes; centralizing credential management. Let's tackle them one-by-one. Ensuring line-endings are...
Publish Azure DevOps Extensions using Azure Workload Identity
If you need help configuring a basic CI/CD pipeline for an Azure DevOps Extension, check out the guidance on Microsoft Learn. The issue with Personal Access Tokens is that they're always active, expire...
Protect the repository hosting your GitHub Action
The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree. GitHub Actions worm compromises GitHub repositories via action dependencies in a novel attack vector...
VSBuild task fails on self-hosted Azure Pipelines Agent
Today I got this baffling error while trying to run one of the few pipelines I own that requires a self-hosted agent. 2023-09-18T13:24:55.1897667Z ##[section]Starting: VSBuild...
Investigating az-cli performance on the hosted Azure Pipelines and GitHub...
Azure CLI is a great nifty tool to chat to Azure as well as Azure DevOps and there's an AzureCLI@v2 task in Azure DevOps that preconfigures your Azure subscription and all. While testing I got...