Oral Brekke

Oral Brekke

1618019280

GitHub Advanced Security from Azure DevOps

GitHub Advanced Security has recently started supporting the ability to analyze your code for security vulnerabilities and coding errors from third-party CI pipelines. This article will teach you how to configure the code scanning feature in your GitHub repository and scan your code for any vulnerabilities from Azure DevOps pipelines.

To integrate the GitHub advanced security feature with Azure DevOps, you must perform the following actions:

  • Download the latest CodeQL dependencies in your agent.
  • Give CodeQL access to your repository.
  • Initialize CodeQL executable and create a QueryableDB.

Once you have completed these operations, you will be able to scan your application. The results will be uploaded to GitHub, and you will be able to review them from the GitHub interface.

IMPORTANT: Remember that the hosted agents used in azure pipelines are ephemeral, this means that you must install the CodeQL package every time your pipeline is run. This operation won’t be necessary if you have a self-hosted agent because you can pre-install the package and re-use it for each execution.

#azure #security #devops #microsoft #github

What is GEEK

Buddha Community

GitHub Advanced Security from Azure DevOps
Nabunya Jane

Nabunya Jane

1624939448

A side-by-side comparison of Azure DevOps and GitHub

Collaboration is a crucial element in software development; having the right collaboration tools can make a difference and boost the entire team’s productivity. Microsoft introduced its Application Lifecycle Management product with Team Foundation Server (aka TFS) on March 16th, 2006. This software had to be installed on a server within your network and had a user-based license. To reduce the complexity of setting up and maintaining the server, Microsoft released Visual Studio Online–an Azure-based, server-hosted version of TFS. Microsoft manages and administers the servers as well as taking care of backups. To clarify its commitment to agile and DevOps, Microsoft rebranded Visual Studio Online in 2015 as Visual Studio Team Services and later as Azure DevOps in 2018.

Since its beginning, this platform has changed significantly. For example, it introduced a customizable, task-based build service, release gates, and much more. Many organizations across the world made a significant investment to run their businesses on Azure DevOps. For this reason, after Microsoft announced the acquisition of GitHub in mid-2018, GitHub announced its automated workflow system, which is much like Azure Pipelines. It’s called GitHub Actions. Due to the switch, some companies became afraid of having to migrate their practices again. In the past few months, I have gotten several questions about whether it is still worth starting new projects on Azure DevOps, especially after the release of features like GitHub Advanced Security and GitHub Codespaces (similar to Visual Studio Codespaces). In this article, I’ll clarify the differences between these two platforms, and I’ll give you some advice on how you should be using them to your advantage.

Data Residency

To meet the needs of companies that want to keep their data within their network, both GitHub and Azure DevOps provide a server version of their platform. GitHub version is called GitHub Enterprise Server, and the Azure DevOps version is called Azure DevOps Server. Both versions require the client to install and maintain both software and machine.

On the other hand, there is a critical difference between their cloud-hosted version. While Azure DevOps Service allows you to choose the Azure region, which is closes to your organization’s location, to decrease the eventuality of networking latency during the creation of your organization (collection of projects). GitHub doesn’t provide this feature.

Project management and bug tracking

GitHub

At the core of GitHub project management, we can find the issues. This task can be used to track any work item, from feature to bugs, and can be sorted into a Kanban-style board for easy consultation. The issue’s description also supports markdown syntax. Adding a specific keyword #issue-number (ex: #3) can associate the issue with another one. Each issue can be assigned to multiple developers, be linked to pull requests, and have various labels assigned to it. One can link a pull request to an issue to show that a fix is in progress and automatically close the issue when someone merges the pull request.

GitHub Kanban board

  • Lastly, multiple issues can be grouped into milestones that will give immediate feedback about the completion percentage. Milestones can also include a due date.

#azure-devops #microsoft #azure #github #azure devops #azure devops and github

Oral Brekke

Oral Brekke

1618019280

GitHub Advanced Security from Azure DevOps

GitHub Advanced Security has recently started supporting the ability to analyze your code for security vulnerabilities and coding errors from third-party CI pipelines. This article will teach you how to configure the code scanning feature in your GitHub repository and scan your code for any vulnerabilities from Azure DevOps pipelines.

To integrate the GitHub advanced security feature with Azure DevOps, you must perform the following actions:

  • Download the latest CodeQL dependencies in your agent.
  • Give CodeQL access to your repository.
  • Initialize CodeQL executable and create a QueryableDB.

Once you have completed these operations, you will be able to scan your application. The results will be uploaded to GitHub, and you will be able to review them from the GitHub interface.

IMPORTANT: Remember that the hosted agents used in azure pipelines are ephemeral, this means that you must install the CodeQL package every time your pipeline is run. This operation won’t be necessary if you have a self-hosted agent because you can pre-install the package and re-use it for each execution.

#azure #security #devops #microsoft #github

Alanna Jacobson

Alanna Jacobson

1602401329

How to Extend your DevOps Strategy For Success in the Cloud?

DevOps and Cloud computing are joined at the hip, now that fact is well appreciated by the organizations that engaged in SaaS cloud and developed applications in the Cloud. During the COVID crisis period, most of the organizations have started using cloud computing services and implementing a cloud-first strategy to establish their remote operations. Similarly, the extended DevOps strategy will make the development process more agile with automated test cases.

According to the survey in EMEA, IT decision-makers have observed a 129%* improvement in the overall software development process when performing DevOps on the Cloud. This success result was just 81% when practicing only DevOps and 67%* when leveraging Cloud without DevOps. Not only that, but the practice has also made the software predictability better, improve the customer experience as well as speed up software delivery 2.6* times faster.

3 Core Principle to fit DevOps Strategy

If you consider implementing DevOps in concert with the Cloud, then the

below core principle will guide you to utilize the strategy.

  • It is indispensable to follow a continuous process, including all stages from Dev to deploy with the help of auto-provisioning resources of the target platform.
  • The team always keeps an eye on major and minor application changes that can typically appear within a few hours of development to operation. However, the support of unlimited resource provisioning is needed at the stage of deployment.
  • Cloud or hybrid configuration can associate this process, but you must confirm that configuration should support multiple cloud brands like Microsoft, AWS, Google, any public and private cloud models.

Guide to Remold Business with DevOps and Cloud

Companies are now re-inventing themselves to become better at sensing the next big thing their customers need and finding ways with the Cloud based DevOps to get ahead of the competition.

#devops #devops-principles #azure-devops #devops-transformation #good-company #devops-tools #devops-top-story #devops-infrastructure

Osborne Durgan

Osborne Durgan

1590876000

DevOps with Azure GitHub and Azure DevOps

Join this session to learn the latest announcements on DevOps with Azure using GitHub and Azure DevOps directly from product leadership, learn about what the upcoming roadmap is and how to optimize your pipelines to get the maximum flow of value to your customers.

#azure #azure github #azure devops

Zara Bryant

Zara Bryant

1620334560

All Around Azure: DevOps with GitHub Session 3: Building in Security and Quality

Security and compliance are core concerns for organizations. Adopting DevOps practices and delivering software faster can increase those concerns. We can take steps to increase security and compliance as part of our DevOps lifecycle.

Attendee Takeaways:

  • Shift security left by enabling security at the earliest possible point
  • Keep your container images current and be aware hidden dangers in base images
  • Use infrastructure as code and policy as code to provide consistency in environments

Concepts Covered:

  • Security and Compliance
  • Communication and Collaboration
  • CI

#devops #azure #github #security