GitHub Copilot App is now in technical preview — a standalone desktop app for agent-driven development with parallel sessions, three session modes, and Agent Merge.
An overview of a mistake made with AI
An overview of the open source tools I maintain in my spare time: DevEx Metrics, AI Engineering Fluency, the Alternative GitHub Actions Marketplace, the devops-actions org, GHAzDoWidget, and Jarvis.
A walkthrough of the governance gaps in the GitHub Copilot and extension surfaces: the Copilot CLI with its plugin marketplace, the Agent Package Manager (APM), gh skills, MCP servers across editors, and VS Code extensions through the Microsoft Marketplace and Open VSX.
A walkthrough of running the GitHub Copilot CLI against local AI inference engines on a Dell Pro Max 14 with Intel Arc 140T, NVIDIA RTX PRO 500, and Intel AI Boost NPU. Covers Ollama, LM Studio, Foundry Local, vLLM, and TGI — what worked, what didn't, and the fastest setup...
Learn how to manually upload your Microsoft Certification badges from Microsoft Learn to Credly after Microsoft ended their direct Credly partnership.
Walk through five ways to use the GitHub Copilot Coding Agent, from the editor and Agent Task panel to repository creation, web chat, and the GitHub mobile app.
Get a complete overview of GitHub Copilot Premium Requests, including model multipliers, per-plan allowances, budget controls, and usage analysis tools.
Find out why measuring GitHub Copilot success by lines of code accepted is flawed and what SDLC metrics and engagement patterns actually matter instead.
Explore why the focus on GitHub Copilot productivity is misplaced and how shifting to a sturdy DevOps foundation leads to faster, more trustworthy delivery.
Learn how to protect your GitHub Actions pipelines from supply chain attacks by forking actions, using internal marketplaces, and enabling Dependency Alerts.
Access the DevCon Romania 2024 slides on protecting yourself against software supply chain attacks and learn how to secure your GitHub Actions pipelines.
Watch and download slides from the GitHub Universe 2024 session on successfully scaling GitHub Copilot adoption to thousands of developers in your org.
Discover how to configure the Azure AI Inference SDK in Python to target both GitHub Models and Azure OpenAI endpoints with the correct credential setup.
Learn how to build GitHub Copilot Extensions using the preview SDK, host them in a Codespace, and extend Copilot Chat with your own knowledge and APIs.
See how GitHub Copilot Chat can write an entire API-calling script for you, with real prompts, results, and lessons learned from improving prompt quality.
A nine-part YouTube video series on mastering GitHub Copilot, covering prompt tips, context management, top-down coding, and using Copilot Chat effectively.
Watch a GitHub Copilot power user workflow refactoring a GitHub Actions YAML pipeline into a script file, including prompt examples and follow-up interactions.
Learn about GitHub Advanced Security code security configurations in public beta, enabling easy GHAS policy rollout for repositories across an organization.
Configure CodeQL for GHAzDo on Azure DevOps self-hosted runners by correctly downloading, placing the bundle, and creating the required .complete marker file.
A look back at the most-viewed blog posts of 2023, featuring top topics like GitHub workflows, access tokens, and GitHub Advanced Security for Azure DevOps.
Announcing a new LinkedIn Learning course on GitHub Advanced Security for Azure DevOps, covering dependency scanning, secret scanning, and CodeQL analysis.
Improve Dependabot alert triaging in GitHub using hidden UI filters for vulnerable calls, auto-dismissed alerts, runtime dependencies, and patchable issues.
Learn how to retrieve GitHub Advanced Security alerts from the GHAzDo REST API, including filtering by alert type, severity, branch reference, and alert state.
Slides from Developer Week '23 in Nuremberg on GitHub Actions beyond CI/CD, preventing supply chain attacks, and using GitHub security features like CodeQL.
Fix file permission errors caused by container-based GitHub Actions on self-hosted runners using runner environment hooks or ephemeral runner strategies.
Learn how to write job summaries to GITHUB_STEP_SUMMARY in GitHub Actions using the actions/core npm package, with table and Mermaid diagram examples.
Session slides from GOTO; Aarhus 2023 on protecting code with GitHub security features, covering commit signing, Dependabot, secret scanning, and CodeQL.
Explore GitHub Advanced Security for Azure DevOps in public preview, with details on dependency scanning, secret scanning, CodeQL integration, and alert fixes.
Slides and session notes from VS Live! Nashville 2023 covering GitHub Actions beyond CI/CD, supply chain attack prevention, and GitHub security features.
Discover how GitHub Copilot and AI tools helped create an Azure Function and Node.js app in hours, while CodeQL caught security issues in generated code.
Step-by-step guide to enabling CodeQL on GitHub Enterprise Server, including syncing the CodeQL bundle, setting up runners and configuring code scanning.
An analysis of GitHub secret scanning across 14,000 forked Marketplace repositories, revealing 1,300+ exposed secrets and making the case for enabling it.
Learn how to add the OSSF scorecard GitHub Action to your repo to automatically assess open source security best practices and display a public score badge.
Practical PowerShell examples for the GitHub GraphQL API to create and manage ProjectsV2, including authentication scopes and working with new global node IDs.
Discover how users with write access can manage GitHub Actions secrets via the REST API and GitHub CLI without needing admin rights or visibility in the UI.
Overview of the GitHub Advanced Security LinkedIn Learning course covering Dependabot, code scanning with CodeQL and secret scanning for enterprise teams.
How GitHub Actions versioning and SemVer work under the hood, why the runner does not enforce SemVer, and why pinning actions to a SHA hash is more secure.
Common gotchas when enabling GitHub Actions on GitHub Enterprise Server, covering self-hosted runners, Dependabot, GitHub Connect and binary download issues.
Slides and abstract from Techorama NL on defending CI/CD pipelines against supply chain attacks, covering typosquatting, package hijacking and pipeline risks.
Slides and abstract from the dotnetsheff virtual talk on protecting code using GitHub Advanced Security features with Dependabot, CodeQL and secret scanning.
A security analysis of the GitHub Actions Marketplace examining dependency vulnerabilities across thousands of actions and the supply chain risks they present.
Troubleshooting guide for GitHub Actions workflows that are not starting, covering file location, branch triggers and scheduled workflow configuration issues.
Learn the step-by-step workflow for creating a GitHub Action: from inline github-script to a standalone JavaScript action complete with unit tests and CI/CD.
Slides and abstract from the Code Europe talk on protecting your code using GitHub Advanced Security features like Dependabot, CodeQL and secret scanning.
A first-hand account of returning to live conference speaking at NDC Security Oslo, with sessions on GitHub Actions security and supply chain attacks in CI/CD.
Take control of GitHub notification settings by configuring automatic watching, participating filters, and Dependabot alerts to cut noise and stay productive.
Learn how to implement Configuration as Code for GitHub, automating user onboarding, team creation, and repository setup using YAML files and GitHub Actions.
Discover how to create GitHub Codespaces using the GitHub CLI, including the correct machine type values and required parameters for automation scripts.
Learn how to automate your home office setup using Home Assistant to turn on key lights and speakers automatically when your camera is detected as active.
A clear comparison of GitHub access tokens: Personal Access Tokens, the GITHUB_TOKEN, and GitHub App tokens, with security guidance on when to use each type.
Learn how to create a GitHub App from a manifest with an automated web flow, covering permissions, credential retrieval, and Jenkins pipeline integration.
Explore eight maturity levels for using GitHub Actions securely, from version pinning and SHA hashes to Dependabot, forked repos, and an internal marketplace.
See how to use GitHub Actions to build an internal Actions Marketplace that automatically scans repositories and curates approved actions for your organization.
A reference guide to GitHub magic configuration files, covering filenames, locations, and purpose from CODEOWNERS and dependabot.yml to action.yml and more.
Watch the GitHub Universe 2021 session on securing GitHub Actions, and find follow-up resources such as the slide deck and the internal marketplace blog post.
One of the best practices of using GitHub Actions is to fork all actions that you want to use to your internal actions organization. If often use organizationname-actions for that, just like I am doing for my own personal setup here: rajbos-actions.
Explore the learnings from converting a GitHub Action from PowerShell to TypeScript, covering strict types, ESLint, ncc compilation, and local testing.
Learn how to build a GitHub Action running PowerShell in a Docker container, covering the action.yml, Dockerfile, and how inputs are passed to the entrypoint.
Learn how to host ephemeral GitHub Actions runners on Kubernetes using actions-runner-controller, including AKS setup and an internal Rancher cluster setup.
Discover how to use the Azure DevOps REST API to programmatically enable or disable project features like Boards, Pipelines, and Repos on a per-project basis.
Watch the recording of a GitHub Actions security session at the Solidify show, plus answers to common questions about branch protection and self-hosted runners.
Learn how to migrate Pester v4 tests to v5 in PowerShell, including the correct syntax for passing parameters into your test files from Azure DevOps pipelines.
Recap of the GitHub Actions security session at Techorama 2021, including answers on running SAST tools on fork pull requests and evaluating action reputation.
Learn why self-signed certificates on GitHub Enterprise Server cause problems with Actions, Docker containers, and runners, and how to avoid those issues.
A detailed look at a home office setup for remote work and presenting, covering monitors, cameras, microphones, lighting, keyboards, and standing desk choices.
Explore how to combine GitHub and Azure DevOps for the best developer experience, comparing source control, pipelines, work tracking, artifacts, and security.
A practical Bash cheat sheet for PowerShell developers covering variables, string interpolation, file headers, output redirection, and exit code handling.
I was building a new GitHub Action today with a Dockerfile and got a strange error… `unable to prepare context: path “/action” not found.
Learn why GitHub Actions runners should never be reused across workflows, as shared runners enable data theft, cache poisoning, and availability attacks.
Find out how to change the default branch name in SonarQube Community Edition using a direct URL, since no UI option is available in the free version.
Learn GitHub Actions security best practices for private runners: limiting access, avoiding runner reuse, and never using them for public repositories.
An overview of GitHub Actions security best practices, covering forked repos, private runners, preventing pwn requests, and setting up an internal marketplace.
Discover GitHub Actions security best practices for forking action repositories, pinning versions to commit SHAs, and keeping your forked Actions up to date.
Find out how to secure your GitHub Actions workflows as presented at NDC London 2021, covering pipeline access, secrets, and third-party action trust.
Learn how to push and pull Docker images using the GitHub Container Registry (ghcr.io), including PAT authentication and a complete GitHub Actions workflow.
Explore Continuous Deployment strategies from basic auto-deploys to canary releases, rollback options, Infrastructure as Code, and zero-downtime deployments.
Learn why Git-based source control is essential for DevOps maturity, how distributed version control protects your code, and how to get your team started.
Get an overview of the DevOps maturity stages teams progress through, from source control and CI/CD pipelines to monitoring, observability, and feature flags.
Explore the DevOps maturity levels for Continuous Integration, from a basic CI build and test automation to dependency scanning and static code analysis.
Find out why Azure DevOps YAML pipeline environment approvals block the entire pipeline and how wrapping deployment jobs inside stages is the correct fix.
See how to use GitHub Actions with a self-hosted Windows runner to build and deploy a .NET Core application to IIS, including Selenium end-to-end web tests.
Learn how to authenticate Git against Azure DevOps using a Personal Access Token by adding an extra authorization header at repo, project, or org level.
Learn how to use NuKeeper manually via PowerShell to check for NuGet updates, create a new branch, and open a Pull Request on a private GitLab instance.
Fix the Git clone 'Filename too long' error on Windows 10 by enabling long file path support in both the Windows Group Policy settings and Git configuration.
Resolve the .NET Core global tool update error for dotnet-ef by removing the old tool store folder and executable before running the update command again.
Understand why the Azure DevOps REST API throws an ADAL error about an expired AAD refresh token when a service account hasn't been active for 90 days.
Find out how to register a startup or shutdown script on a Windows 10 VM using PowerShell by configuring the right registry keys and system folder structure.
Discover how to access the hidden Azure DevOps wiki Git repository to configure branch policies by crafting a direct URL when the Repos UI doesn't show it.
Learn how to run EntityFramework Core migrations on a .NET Standard library by using a companion .NET Core startup project with the correct CLI commands.
Find out how to resolve the Azure Active Directory error AADSTS50011 by exactly matching the reply URL in .NET Core OpenIdConnect middleware settings.
Discover how to propagate Azure DevOps release variable values across deployment stages using the REST API, with a downloadable PowerShell Task Group.
A complete reference list of all URLs you need in your proxy allow-list to successfully install and run the Azure DevOps Agent behind a corporate proxy.
Find out how to log the configured URLs of a .NET Core web application at startup using IServerAddressesFeature, with a full Serilog-based code example.
Learn how to nest appsettings.Development.json beneath appsettings.json in Visual Studio using csproj ItemGroup, and the equivalent setup for VS Code.
Set up an Azure DevOps agent on a local Windows machine to deploy an IIS web application without PowerShell remoting, including WinRM configuration steps.
Recover from accidentally committing to a protected Git master branch by moving your changes to a new branch and using git reset --hard to clean it up.
Explore the difference between server-level and database-level firewall rules in Azure SQL Database, and learn how to manage database-level rules using T-SQL.
Fix Application Insights Status Monitor losing its IIS connection during CD deployments by including the required Status Monitor binaries in your package.
Understand why Azure Repos policy settings became uneditable and how a Deny permission on the Contributors group blocks Project Administrators from editing.
Learn how to check, list, and update Azure CLI extensions like azure-devops, including why the update command gives no feedback unless you add --verbose.
Walk through deploying a .NET Core web application to Azure App Service using a GitHub Actions workflow, from creating the repo to a successful first run.
Deploy a Windows Service to a remote machine using Azure DevOps with the Manage Remote Windows Service extension, covering WinRM setup and known caveats.
See how to parallelize Stryker mutation testing across a large .NET solution in Azure DevOps by splitting projects into separate jobs and merging results.
Fix the SonarQube error 'Project was never analyzed' for a Java project in Azure DevOps by setting the Maven groupId as part of the SonarQube project key.
Find out how to run Stryker mutation testing across a large .NET solution with multiple projects using PowerShell to merge individual JSON result files.
Discover the workaround for .NET Core global tool install errors in Azure Pipelines when a tool is already installed, using dotnet tool update instead.
Learn how to integrate Stryker mutation testing for .NET Core into an Azure DevOps build pipeline, configure mutation thresholds, and analyse the HTML report.
Fix the 'Cannot find manifests file' error when installing a local .NET Core tool by running dotnet new tool-manifest, which requires .NET Core 3.0 or later.
Learn how to install and run .NET Core local tools in Azure DevOps pipelines, including how to create a dotnet tool manifest and execute custom commands.
Step-by-step guide to manually renewing a Let's Encrypt certificate for Azure App Service on Windows using WSL Certbot and OpenSSL to convert PEM to PFX.
Two ways to run a .NET Core console application in Azure DevOps: publishing a self-contained Windows executable or calling the assembly via a PowerShell task.
Follow the development journey of an Azure DevOps marketplace news bot, a .NET Core C# tool that monitors extensions and tweets updates via Azure Pipelines.
Keep customer identities separate as a consultant using Chrome personas to isolate browsing history, stored passwords, and Azure Active Directory accounts.
Fix syntax highlighting on a Jekyll GitHub Pages blog by configuring the rouge highlighter in _config.yml and adding a CSS file to your head.html include.
Learn to handle Azure CLI errors in PowerShell by converting JSON output and using the automatic variable $? to detect command failures in Azure Pipelines.
A DevOps Principles video series covering Shift Left, T-Shaped engineers, the four eyes principle, and automating everything to improve your team's delivery.
Explore the recording setup for a DevOps Principles video series, covering PowerPoint screen recording, Streamlabs OBS, microphone selection, and lighting tips.
A curated link overview of all Global DevOps Bootcamp 2019 blog posts, covering Azure learnings, monitoring, registration, and attendee experiences worldwide.
Discover the Azure scaling challenges encountered while provisioning 1340 App Services and SQL databases for Global DevOps Bootcamp 2019 across 4 subscriptions.
Explore how a simple Selenium proof-of-concept for GDBC Eventbrite automation grew step by step into a full Azure provisioning pipeline used in production.
A first-person account of the 48 hours organising Global DevOps Bootcamp 2019, from provisioning Azure infrastructure to monitoring the live event worldwide.
Set up SonarQube on Azure App Service with ARM template, configure Azure SQL with contained users, enable Azure AD authentication, and block anonymous access.
Learn how to find and scale your Azure Machine Learning Studio web service plan using the services.azureml.net portal, including downgrading to the free tier.
Fix the Azure Functions build error about RunResolvePublishAssemblies by adding a global.json file that pins the .NET Core SDK version to a compatible release.
Learn how to connect Azure Monitor Activity Log to an Event Hub and trigger an Azure Function, with step-by-step guidance using the Azure Portal and Azure CLI.
Solve the Docker for Windows unauthorized error when running docker commands by switching from your email address to your Docker Hub username for login.
Find out why Azure Functions run logs appear missing when Application Insights sampling is turned on, and how to disable sampling to restore all log entries.
Learn how to monitor and fix Azure Functions connection limit errors caused by HttpClient, using Application Insights metrics and static client instantiation.
A practical guide to setting up SonarQube for Azure DevOps, covering certificates, JRE requirements, CSS analysis issues, and running it on Azure App Service.
Walk through setting up a free Azure DevOps Pipeline for a GitHub open source project, including YAML configuration, status badges, and email notifications.
Find out how to fix the silent error when exporting Azure Activity Log to an Event Hub by registering the missing microsoft.insights resource provider.
See how VSTS CI/CD pipelines automated validation and deployment of Global DevOps Bootcamp challenges, from pull request quality checks to work item creation.
Learn how to correctly retrieve AppSettings from an Azure App Service using the Fluent SDK by using WebSiteManagementClient instead of SiteConfig properties.
Explore the challenges of using a self-signed certificate on a SonarQube server with VSTS build tasks, including Java and Node.js certificate trust issues.
Find out why you can safely revoke your VSTS Personal Access Token after registering a build agent, as the token is only needed for initial authentication.
Learn how to set up a Chocolatey package server in Azure using an ARM template, create NuGet-wrapped packages, and install them on a Windows client machine.
Discover how the Global DevOps Bootcamp leaderboard ran on Azure with VSTS CI/CD pipelines, and how the team scaled and fixed live incidents during the event.
Part 3 of the DevOps telemetry series covers monitoring SSL certificate validity and security headers using SSLLabs and SecurityHeaders.com in your pipeline.
Learn how to monitor Azure supporting systems including App Service, SQL Database, and Blob Storage using Application Insights and built-in Azure metrics.
Discover how to build DevOps telemetry for an Azure SaaS application using Application Insights, table storage logging, and operational dashboards for the team.
Bulk-change VSTS work item types from Epics to Features using the TeamFoundationServer.Client NuGet package and C# to automate process template updates.
Learn how to display custom post excerpts on your Jekyll index page using special HTML comment tags to mark the start and end of your post summary text.
A first look at setting up a Jekyll blog on GitHub Pages, exploring its easy setup, static page generation, and comparison to other blogging platforms.
Put your Azure App Service into maintenance mode by adding an app_offline.htm file to the webroot via Kudu, serving a custom offline message to all visitors.
Add HTTPS support to your ASP.NET Core MVC application using custom redirect middleware that enforces HTTPS for GET requests and returns 403 for all others.
A curated list of useful Visual Studio extensions including WakaTime, SonarLint, SlowCheetah, and T4MVC, saved here for quick reference and discovery.
Fix Windows 10 Insider Preview builds not appearing after reverting to an older build by removing a registry key from the RecoveredFrom list in Registry Editor.
Learn how to integrate SonarQube with TFS 2015 Update 1 build tasks using OpenCover for code coverage, removing the need for Visual Studio Enterprise license.
Restore the Windows 8.1 fly-out WiFi and VPN menu in Windows 10 by changing a single registry key value; administrator rights are required to apply it.
Visual Studio 2015 Update 1 received a service update that fixes a critical error related to T4MVC; find the knowledge base article and download link here.
WakaTime is a Visual Studio plugin that automatically tracks your coding time per project and language, providing useful stats about your coding habits.
Starting a new ASP.NET MVC 6 demo project in Visual Studio 2015 to explore new features, with the source code published on GitHub for future reference.