Matt Cooper

(formerly) Staff Product Manager, (formerly) Azure DevOps

Previously Azure Pipelines, Repos, & Artifacts; Xbox; and Dynamics CRM. Proud Virginia Tech Hokie. Even prouder father of two, one typically-developing and the other with Down syndrome.

Post by this author

Replacing “View YAML”

November 20th, 2020
This sprint, we're replacing the "View YAML" experience. This is the feature which helps you migrate designer pipelines to YAML. The new version is more correct and covers more Classic Build features, which I'll cover in this post. It removes one useful quirk of the old implementation, so I'll share tips for anyone who depended on that quirk...

Let’s Hack a Pipeline: Shared Infrastructure

August 27th, 2020
Welcome back to Let's Hack a Pipeline. We've seen argument injection and source code stealing. This week, we'll wrap up the miniseries with Episode III: a Shared Infrastructure attack. One more time: security is a shared responsibility. The purpose of this series is to showcase some potential pitfalls to help you avoid them. The setup Let's...

Let’s Hack a Pipeline: Stealing Another Repo

August 25th, 2020
We're back with another Let's Hack a Pipeline. Last time, we saw how to create - and prevent - argument injection. In this episode, we'll look at how a malicious user could access source code they shouldn't see. Welcome to Episode II: Stealing Another Repo. (Episode III is now available, too!) As I said before: security is a shared ...

Let’s Hack a Pipeline: Argument Injection

August 21st, 2020
Welcome to Let's Hack a Pipeline! In this series of posts, we'll walk through some common security pitfalls when setting up Azure Pipelines. We don't really want to get hacked, so we'll also show off the mitigation. Episode I is titled Argument Injection. Episode II and Episode III are now also available. Preface on security A quick note ...

Azure Repos default branch name

August 6th, 2020
Azure Repos added the ability to choose a default branch for new repositories.

Uploading to Codecov just got easier

November 13th, 2019
Codecov.io added tokenless uploading of coverage results for public Azure Pipelines.

Using containerized services in your pipeline

January 23rd, 2019
Azure Pipelines has supported container jobs for a while now. You craft a container with exactly the versions of exactly the tools you need, and we'll run your pipeline steps inside that container. Recently we expanded our container support to include service containers: additional, helper containers accessible to your pipeline.

Git forks now in public preview

September 1st, 2017
Forks - the ability to create a server-side copy of a Git repository - is rolling out across Visual Studio Team Services (VSTS) and available in TFS 2018 RC1 as a public preview. In VSTS, you won't have to do anything to turn it on, it'll be available by default. If it's not on for you yet, it will be after the current deployment finishes. [...

Git repo tokens for the security service

March 14th, 2017
The VSTS platform offers a security REST endpoint which allows you to add and remove permissions on resources. (To understand the rest of this blog post, you're going to want to skim those docs first.) Several of the security APIs, as well as TFSSecurity.exe, expect a token identifying the resource to operate on. The token format varies across...

Splitting up Git administer permissions

January 27th, 2017
Like everything in VSTS and TFS, Git repos are protected by a set of permissions. For instance, you must have Read for a repo to clone or view its contents. Likewise, you must have Contribute to push changes. Until recently, you needed one permission to create, delete, or rename a repo, edit branch policies, or change other people's ...