DevSecOps
GitHub for All - Overview
GitHub is one of my passion areas. You may have realised that already, with the amount of content that I've written about it. That's only going to continue, because I've recently been hired there as an Enterprise Advocate. I've been supporting customers in their DevOps journey for the past 9 years or so. Interestingly, there are some reoccurring themes that I've found that are common. One of those themes is that DevOps is an App Development concept. In fact, it's something that can be applied across domains (e.g. Infrastructure, Data, etc.) This is the start of a new blog series that will address those common themes, particularly in the context of GitHub.
Using GitHub Actions and OpenID Connect to deploy Static Web Apps to Azure
Back in November, GitHub announced its OpenID Connect capability for cloud deployments was generally available. This has been on my list to try out, and I finally managed to get around to it! With scenarios like this, I prefer to do something real and hands-on, rather than mocked, or a proof of concept. I decided to refactor my GitHub Action workflows for cloudwithchris.com, removing the need for secrets stored in GitHub. In this post, I outline my journey through this.

V038 / V039 - Weekly Technology Vlog #38 and #39
A double episode catching up on two weeks of Azure updates including AKS scale down modes, Cosmos DB Functions v4, and Azure Functions runtime 4.0 with .NET 6, plus GitHub CLI 2.0, Advanced Security secret scanning APIs, and a look at secretless application patterns with managed identities.

DevOps Trends
A decade after Patrick Debois coined "DevOps," the landscape looks radically different. In this episode, Daniela Fontani — CTO at Central Consulting and long-time open source contributor — breaks down the most important DevOps trends reshaping the industry today: DevSecOps, GitOps, NoOps, automation-first pipelines, and the growing role of platform engineering. Plus, the honest truth about which buzzwords actually matter and which you can safely ignore.

V037 - Weekly Technology Vlog #37 (GitHub Issues Beta Special!)
Chris walks through the new GitHub Issues beta, showcasing project boards, table views, YAML-based issue forms, and converting checklists to sub-issues, alongside Azure capacity reservation, zone redundant disk storage, and DevSecOps shifting-left updates.
Shift Left and Increase your Code Quality with Azure DevOps Branch Policies
This post is similar to another I recently wrote on using Branch Protection Rules in GitHub. Instead of focusing on GitHub, we'll be looking at how you can use Branch Policies in Azure DevOps (specifically, Azure Repos). If you're using Azure Repos, but not using Branch Policies - I'd encourage you to start using them! I hope this post helps you learn how!
Shift Left and Increase your Code Quality with GitHub Branch Protection Rules
If you're using GitHub as your source control provider, then I'd encourage you to using Branch Protection Rules if you're not already doing so! In this blog post, we'll cover what Branch Protection Rules are and how they can increase your code quality.

Find vulns in your code before they find you
Security vulnerabilities don't wait to be discovered — and developers are often unknowingly shipping them through open source dependencies. In this episode, Chris is joined by DeveloperSteve Coochin, Developer Advocate at Snyk, to explore the real-world state of vulnerabilities in modern applications. Steve shares findings from his research into the PHP ecosystem and explains how developers can shift vulnerability detection left — catching CVEs in dependencies before they reach production, by integrating tools like Snyk directly into their CI/CD pipelines and GitHub workflows.
Why you should be using Azure Security Center
Whether you're brand new to Azure or have been using it for some time, you have likely either heard of - or come across - Azure Security Center. It's a service which can prove extremely valuable in baselining, measuring and improving your security posture. But, did you know there is additional functionality beyond the free tier? You may have previously known this as the standard tier, or now know this as Azure Defender, where you can opt in for those Azure Services that you particularly want to protect.

V031 - Weekly Technology Vlog #31
Chris opens with a heartfelt tribute to Abel Wang before covering Azure updates including Site Recovery cross-region replication, ExpressRoute expansions, and immutable blob storage. The episode highlights GitHub's 15+ new code scanning integrations with open source security tools, a comparison of Azure Static Web Apps hosting options, and upcoming Cloud with Chris content plans.
