// Content

Learn how to enable developer productivity and collaboration while staying secure and compliant. Stay compliant without slowing down your business. From security to CI/CD, automate every step of your software workflow—so your developers can stay focused on what matters most: building.

Add checks to pull requests that run automatically during your code reviews. Run the Bicep linter on your code, and deploy the resources to a temporary environment to enable further automated and manual testing.

Discovering passwords in our codebase is probably one of our worst fears. But what if you didn’t need passwords at all, and could deploy to your cloud provider another way? In this post, we explore how you can use OpenID Connect to trust your cloud provider, enabling you to deploy easily, securely and safely, while minimizing the operational overhead associated with secrets (for example, key rotations).

Validate and test your Bicep code in your deployment workflow. You'll use linting, preflight validation, and the what-if operation to validate your Azure changes before you deploy, and you'll test your resources after each deployment.

Rapid prototyping is more than quick coding — it is a structured discipline for learning fast and making smarter product investment decisions. In this episode, Chris is joined by Andrew Greenstein, CEO of SF AppWorks and host of "The Next Great Thing" podcast, to explore three distinct types of rapid prototyping: design sprints, iterative feature development, and platform proof-of-concepts. The conversation draws on Kent Beck's product development triathlon (explore, expand, extract), Saras Saraswathy's effectuation theory, and a West Elm innovation case study — where rapid prototyping an AI image-matching feature and a chatbot delivered measurable revenue gains.

Manually maintaining SDKs across multiple programming languages is slow, error-prone, and a constant drag on developer velocity. This episode—featuring developer advocate Steve Kuching—explores using the open-source OpenAPI Generator to automate SDK creation from an OpenAPI spec, deploying the generator as a containerised service, and observing the entire pipeline with OpenTelemetry auto-tracing and Lumigo. Learn how to apply the same build, test, and observe principles you use for services to your SDK generation pipeline.

Chaos engineering is the discipline of proactively experimenting on distributed systems to build confidence in their ability to withstand production failures. Chris is joined by Ashish Balgath (Cloud Solution Architect at Thoughtworks) to explore how to introduce fault-injection experiments incrementally — from a developer's local machine all the way to production — using tools such as Chaos Monkey and fault-injection simulator tools.

The gap between raw Kubernetes and a developer-friendly platform is where the most interesting tooling is being built today. GitOps gives teams a declarative, version-controlled way to manage their clusters — but the YAML expertise and infrastructure knowledge required can be a steep barrier for developers. In this episode, Chris is joined by Laszlo Folgas, founder of Gimlet.io, to explore ClickOps over GitOps: a UI-driven deployment approach where developers click their way to production while the platform silently generates GitOps manifests and commits them to a Git repository. They cover Flux CD, how Gimlet's opinionated platform works end-to-end, and why developer experience has become the defining battleground in the cloud-native ecosystem.

Explore how GitHub Enterprise can help you transform your software engineering organization and practices.

Chris and Matt pick up inside GitHub Codespaces, getting the Player State service running locally on the first attempt thanks to Dapr's environment-variable secret store and Codespaces secrets. They then wire up the World Events Engine with Azure Storage Queue bindings and Table Storage state before hitting a stubborn .NET minimal API routing bug — becoming the cliffhanger that sets up the next session.