GitHub Advanced Security (GHAS) helps teams to shift left and secure their development practices. But what do you do when its process its processes and practices doesn’t quite fit your team’s approach? In this post, we’ll look at how to use GitHub Probot to implement your own process in a GitHub-native way.

Do you know what the main threat is to your CI/CD systems? It’s not the code you write, the tools you use, or the cloud provider you rely on. It’s the supply chain, and that is frequently the most vulnerable part of the development process. Today, let’s understand why.

The world of software development is changing rapidly. With Google’s latest announcement, part of how we deploy systems is getting ready to change for the better for nearly half of all companies. Are your teams ready for the challenge?

Ever needed to automate creating an Azure Entra ID (Azure Active Directory) application and federating it with GitHub? With just a little PowerShell, you can!

Security is at the heart of what we do in DevOps (if we’re doing it right). This includes protecting our CI/CD processes from malicious users and behaviors. One of the more interesting exploit vectors with build and release pipelines is a classic: the injection attack. This post reviews the basics of injection exploits and shows you how to easily avoid them.