The world of software development is changing rapidly. With Google’s latest announcement, part of how we deploy systems is getting ready to change for the better for nearly half of all companies. Are your teams ready for the challenge?

Ever needed to automate creating an Azure Entra ID (Azure Active Directory) application and federating it with GitHub? With just a little PowerShell, you can!

Security is at the heart of what we do in DevOps (if we’re doing it right). This includes protecting our CI/CD processes from malicious users and behaviors. One of the more interesting exploit vectors with build and release pipelines is a classic: the injection attack. This post reviews the basics of injection exploits and shows you how to easily avoid them.

With the rise of OIDC, we no longer need to rely on secret keys or passwords to connect two services together. Instead, we can configure a trust relationship between the services and use that to securely request tokens for accessing resources. Adopting this approach can simplify things, but it can be scary for security teams and developers; they want to understand what makes this process work. In this post, walk through what’s happening under the covers.

What you don’t know can hurt you, especially when it comes to code. Dependency chains can tend to have more security considerations than most people realize. In fact, most dependencies have far more abilities than most developers realize …