Azure DevOps Blog

DevOps, Git, and Agile updates from the team building Azure DevOps

Let’s Hack a Pipeline: Shared Infrastructure

Welcome back to Let's Hack a Pipeline. We've seen argument injection and source code stealing. This week, we'll wrap up the miniseries with Episode III: a Shared Infrastructure attack. One more time: security is a shared responsibility. The purpose of this series is to showcase some potential pitfalls to help you avoid them. The setup Let's...

Let’s Hack a Pipeline: Stealing Another Repo

We're back with another Let's Hack a Pipeline. Last time, we saw how to create - and prevent - argument injection. In this episode, we'll look at how a malicious user could access source code they shouldn't see. Welcome to Episode II: Stealing Another Repo. (Episode III is now available, too!) As I said before: security is a shared ...

Let’s Hack a Pipeline: Argument Injection

Welcome to Let's Hack a Pipeline! In this series of posts, we'll walk through some common security pitfalls when setting up Azure Pipelines. We don't really want to get hacked, so we'll also show off the mitigation. Episode I is titled Argument Injection. Episode II and Episode III are now also available. Preface on security A quick note ...

New in Azure Boards Sprint 174

The Azure Boards team has been hard at work fixing bugs and shipping new features. We have a few features that are now generally available as well as few public preview features. Check out all of the Azure Boards Sprint 174 goodies