Engineering@Microsoft

Microsoft open sources its software bill of materials (SBOM) generation tool

July 12, 2022 Jul 12, 2022 07/12/22

Danesh Kumar Badlani, Adrian Diglio

We are excited and proud to open source our software bill of materials (SBOM) generation tool. A key requirement of the Executive Order on Improving the Nation's Cybersecurity, SBOMs are lists of ingredients that make up software components, providing software transparency so organizations have insight into their supply chain dependencies. ...

The pursuit of an autonomic scale and efficiency system for Microsoft 365: Making it as easy as breathing

March 29, 2022 Mar 29, 2022 03/29/22

Randy Lehner

Through automated profiling and data collection of performance behavior, Microsoft’s M365 Core team can derive the context with which to inform the engineer about the impact of their code, as they write it. Randy Lehner likens it to the autonomic nervous system in this post on their Cloud Profiling and Reporting Pipeline.

Accessibility Insights for Web

February 14, 2022 Feb 14, 2022 02/14/22

Jacqueline Gibson

In this post, Jacqueline Gibson goes over Accessibility Insights for Web, Microsoft's open-sourced Chrome and Edge extension that helps users find and fix web accessibility issues.

Improving developer productivity via flaky test management

February 1, 2022 Feb 1, 2022 02/1/22

Suresh Thummalapenta

Flaky tests are a well-known problem across the industry and Microsoft is no exception. In this post, Suresh Thummalapenta walks us through the team's comprehensive flaky test management system that helps to infer, triage, and quarantine those tests.

Accessibility Insights for Windows

December 13, 2021 Dec 13, 2021 12/13/21

John Alkire

In this post, John Alkire walks through the features of Accessibility Insights for Windows, which enables users to inspect and test Windows applications to find and fix accessibility issues.

CloudTest: A multi-tenant, scalable, performant and extensible verification service

October 25, 2021 Oct 25, 2021 10/25/21

Sina Jafari

In this post, Sina Jafari discusses key characteristics of the CloudTest infrastructure used at Microsoft and why similar characteristics should be considered in all large-scale test infrastructures to improve engineers’ productivity and help them ship high-quality software.

Generating Software Bills of Materials (SBOMs) with SPDX at Microsoft

October 13, 2021 Oct 13, 2021 10/13/21

Adrian Diglio

In this post, Adrian Diglio walks us through how Microsoft is planning to generate SBOMs not just to meet the U.S. Presidential Executive Order on Improving the Nation's Cybersecurity, but for all software that Microsoft produces.

Caesar, standards, and SAST: The road to SARIF

September 27, 2021 Sep 27, 2021 09/27/21

Michael C. Fanning

In this post, Michael Fanning gives us a short history on standards (think Julius Caesar), how consensus on something very small can enable something very large, and how all of it relates to the design of the ‘Static Analysis Results Interchange Format’ (SARIF).

You can’t have security for DevOps until you have DevOps for security

September 16, 2021 Sep 16, 2021 09/16/21

Bryan Sullivan

The faster we iterate on refining secure development practices, the faster our developers can address security pain points, and the better we protect our customers. In this post, Bryan Sullivan walks through key learnings from the 1ES Security team.

Large-scale distributed builds with Microsoft Build Accelerator

August 18, 2021 Aug 18, 2021 08/18/21

Michael Pysson

Learn how Microsoft evolved it’s build caching algorithm with BuildXL to support large-scale distributed builds.