Showing results for Security - Azure DevOps Blog

A DevSecOps best practice is root cause analysis, so that we can learn from live site incidents and prevent their recurrence. Equifax made news recently with the exfiltration of data from half the US population. This is a sobering opportunity to look at the root cause. The Equifax attack used Apache Struts, a popular open source project for web ap...

Back in March, I wrote about the WhiteSource Bolt extension for VSTS. This is a fantastic way to automate security checks for open source vulnerabilities in the release pipeline of your team project. The most frequent question I’ve received is, When can we have this for TFS too? I’m happy to announce that the extension now works with TFS on-pre...

Most organizations today consume open source software in their development projects. The reuse of components enables great productivity gains. However, this practice has an unintended consequence: you can reuse security vulnerabilities or violate licenses without realizing the risk. I wrote about this in an article in MSDN Magazine on Rugged DevOps...

Last month we announced that Visual Studio “Dev15” Preview 5 now supported Live Dependency Validation. In this blog post,   On demand video about dependency validation During the connect 2016 event, we’ve proposed an on-demand video which explains in detail why you’d want to use Dependency Validation and ...

We are removing the UML designers from Visual Studio "15" Enterprise. Removing a feature is always a hard decision, but we want to ensure that our resources are invested in features that deliver the most customer value.  Our reasons are twofold: If you are a significant user of the UML designers, you can continue to use Visual Studio 2015...

In the past year, you told us that you considered removing unwanted dependencies to be an important part of managing your technical debt. The Layer designer enables you to validate architectural dependencies in your Visual Studio solutions. It first shipped in Visual Studio 2010, and is now part of Visual Studio Enterprise. But the experience could...

When you want to understand specific dependencies in your code, visualize them by creating code maps. You can then navigate these relationships by using the map, which appears next to your code. Code maps can also help you keep track of your place in the code while you work or debug code, so you'll read less code while you learn more about your cod...

Amongst the improvements we’ve made to Code Maps in Visual Studio Enterprise 2015 RTM are: The icons are now consistent with Solution Explorer and other tools The following screenshot shows a code map in Visual Studio 2015 RC. You can see that, although the nodes are decorated with icons, these are of varying sizes and some are not even sim...

Today Soma announced the Release Candidate of Visual Studio 2015. It adds two useful improvements to the Code Maps feature, which can make it easier to create better designs and architectures for your applications. The first improvement is in the way that code maps display and interpret test assets within solutions. The second improvement is in the...

Code Maps, previously known as Directed Graph Documents, are a great way to visualize the relationships and interdependencies between the components of your applications. They make it much easier to understand the architecture of your (or, even more useful, somebody else’s) application, and where you should start when you need to update the applica...