Azure DevOps Blog

DevOps, Git, and Agile updates from the team building Azure DevOps

August 2020 - Azure DevOps Blog

Let’s Hack a Pipeline: Shared Infrastructure

August 27, 2020 Aug 27, 2020 08/27/20
Matt Cooper
Welcome back to Let's Hack a Pipeline.We've seen argument injection and source code stealing.This week, we'll wrap up the miniseries with Episode III: a Shared Infrastructure attack.One more time: security is a shared responsibility.The purpose of this series is to showcase some potential pitfalls to help you avoid them.The setupLet's...

Let’s Hack a Pipeline: Stealing Another Repo

August 25, 2020 Aug 25, 2020 08/25/20
Matt Cooper
We're back with another Let's Hack a Pipeline. Last time, we saw how to create - and prevent - argument injection. In this episode, we'll look at how a malicious user could access source code they shouldn't see. Welcome to Episode II: Stealing Another Repo. (Episode III is now available, too!)As I said before: security is a shared ...

Let’s Hack a Pipeline: Argument Injection

August 21, 2020 Aug 21, 2020 08/21/20
Matt Cooper
Welcome to Let's Hack a Pipeline! In this series of posts, we'll walk through some common security pitfalls when setting up Azure Pipelines. We don't really want to get hacked, so we'll also show off the mitigation.Episode I is titled Argument Injection. Episode II and Episode III are now also available.Preface on securityA quick note ...

New in Azure Boards Sprint 174

August 17, 2020 Aug 17, 2020 08/17/20
Dan Hellem
The Azure Boards team has been hard at work fixing bugs and shipping new features. We have a few features that are now generally available as well as few public preview features. Check out all of the Azure Boards Sprint 174 goodies