Top Stories from the Microsoft DevOps Community – 2019.11.22
After all the recent travel, I finally got to spend this week at home and recharge. It was a much-needed break, and I got to enjoy Chicago, even though the winter decided to arrive early this year. So we can make a fresh cup of tea, and enjoy some community posts on code security and mobile development!
How to reuse your Azure DevOps pipeline between your projects
Code reuse has been a best practice for decades. But when we got into deployment automation, we seemed to forget how many issues can be caused by duplicating and maintaining the same implementation in multiple places. Can we reuse Azure Pipelines, and make sure that all of our future changes are applied across the board? Yes, and it gets easier with YAML! This article from Damien Aicheh shows us how to break down and reuse our Azure YAML pipeline across multiple projects, using an Android app as an example. Thank you, Damien!
Azure DevOps Settings for Xamarin iOS 13 and Android 10 Apps
Speaking of Android apps, Visual Studio 2019 recently got updated to support the recent versions of mobile development environments. Unfortunately, the update may have broken the hosted builds for some folks. This post from James Montemagno shows the updates needed in Azure DevOps to make sure your Xamarin builds are running successfully. Thank you, James!
99% of code isn’t yours
As mentioned earlier, code reuse helps us be more productive and less error-prone. Hence, it is mostly great news that we are, according to some reports, sharing the vast majority of our code today. This, however, means that we need to be extra careful about the packages we consume. In recent years, there’s been a ramp-up in supply chain attacks, when someone infiltrates your system through a third-party dependency, injecting malicious code into that dependency. This post from Jesse Houwing covers one of the potential ways to prevent such an attack in .NET projects. Thank you, Jesse!
Prevent “shadow-IT” Azure DevOps organizations
When you create a new Azure DevOps organization using your work email, it gets automatically tied to your Azure Active Directory (AAD). The benefit of this is that you can easily add your coworkers to the organization. The downside, however, is that large enterprises might not be aware of all the organizations created under their AAD. Read this post from Jasper Gilhuis to learn how you could set the policy to restrict permissions for creating new organizations using the company AAD.
Microsoft Security Code Analysis for Azure DevOps – Part 3 BinSkim
As security is top of mind for everyone, we recently released a new set of security tools for Azure DevOps called Microsoft Security Code Analysis. In this post, Gregor Suttie covers the tool called BinSkim, an open-source tool that validates the compiler/linker settings. Check out Gregor’s other posts in the series to learn about what else is in the toolkit!
If you’ve written an article about Azure DevOps or find some great content about DevOps on Azure, please share it with the #AzureDevOps hashtag on Twitter!