DevSecOps

Using GitHub Actions and OpenID Connect to deploy Static Web Apps to Azure

Back in November, GitHub announced its OpenID Connect capability for cloud deployments was generally available. This has been on my list to try out, and I finally managed to get around to it! With scenarios like this, I prefer to do something real and hands-on, rather than mocked, or a proof of concept. I decided to refactor my GitHub Action workflows for cloudwithchris.com, removing the need for secrets stored in GitHub. In this post, I outline my journey through this.

Blog

February 22, 2022
Shift Left and Increase your Code Quality with Azure DevOps Branch Policies

This post is similar to another I recently wrote on using Branch Protection Rules in GitHub. Instead of focusing on GitHub, we’ll be looking at how you can use Branch Policies in Azure DevOps (specifically, Azure Repos). If you’re using Azure Repos, but not using Branch Policies - I’d encourage you to start using them! I hope this post helps you learn how!

Blog

September 9, 2021
Shift Left and Increase your Code Quality with GitHub Branch Protection Rules

If you’re using GitHub as your source control provider, then I’d encourage you to using Branch Protection Rules if you’re not already doing so! In this blog post, we’ll cover what Branch Protection Rules are and how they can increase your code quality.

Blog

August 30, 2021
Find vulns in your code before they find you

In this session, Chris is joined by DeveloperSteve Coochin, a Developer Advocate at Snyk. In this episode, Chris and Steve talk about vulns in the wild for a bit (well and to geek out in general), especially on the back of some research that Steve did recently on the likes of PHP. Steve has recently been looking into the security vulns that get let in without developers even knowing (Teaser: He was really surprised at some of them!)

Episode

August 18, 2021
Why you should be using Azure Security Center

Whether you’re brand new to Azure or have been using it for some time, you have likely either heard of - or come across - Azure Security Center. It’s a service which can prove extremely valuable in baselining, measuring and improving your security posture. But, did you know there is additional functionality beyond the free tier? You may have previously known this as the standard tier, or now know this as Azure Defender, where you can opt in for those Azure Services that you particularly want to protect.

Blog

August 16, 2021
Introduction to Project Bicep - The evolution of ARM Templates

You may have heard about ARM Templates. You may have heard about Project Bicep. What are they, how do they differ? Why would I use one over the other? That’s exactly what we’ll be exploring throughout this blog post!

Blog

June 18, 2021