GitHub Advanced Security on Chris Reddington

Rubber Duck Thursdays - Let's build down tech debt

Thu, 11 Dec 2025 00:00:00 +0000

Chris reviews the latest GitHub changelog and explores the major VS Code December release, then continues building custom agents for a game MCP server project.

GitHub Changelog Highlights

CodeQL 2.23.6 adds Swift 6.2.1 and new C# security queries
GPT-5.1 Codex Max now in public preview for GitHub Copilot across VS Code, GitHub.com, and GitHub Mobile
Workflow dispatch inputs limit increased from 10 to 25
Copilot code generation metrics now available in the enterprise insights dashboard
Enterprise teams limits increased over 10x — up to 2,500 teams and 5,000 users per team
Dependabot-based dependency graphs for Go now provide more complete transitive dependency trees
npm classic tokens revoked — replaced with session-based and CLI token management
Repository custom properties now support GraphQL management and a URL type with built-in validation
GitHub MCP server adds tool-specific configuration, lockdown mode for untrusted contributors, and default content sanitization against prompt injection
GitHub Enterprise Server 3.19 GA with rule set history import/export, SSH/TLS cipher configuration, and OpenTelemetry metrics
Auto model selection GA in VS Code for all Copilot plans

VS Code December Release — Agent Features

Agent HQ for managing multiple coding agents — background, cloud, or local — working simultaneously
Background agents with git worktrees for isolated workspaces, enabling multiple agents to work in parallel without file conflicts
Custom agents for organizations — share agents at the org level via .github-private repositories
Sub-agents via run sub agent — delegate tasks to specialized sub-agents with their own context windows to avoid context bloat
Claude skills support — reuse existing Claude Code skills within VS Code agents
Session management improvements — integrated sessions view, compact and side-by-side layouts, and persistent local agent sessions

Live Coding — Custom Agents and Background Agents

Chris demonstrates the new VS Code agent features by continuing work on a tic-tac-toe game with an MCP server backend. He creates a testing specialist agent using a TDD workflow, experiments with background agents running in git worktrees, and explores sub-agent delegation for specialized tasks like code quality review.

Rubber Duck Thursdays - Back to building GitHub CLI Extensions

Thu, 24 Apr 2025 00:00:00 +0000

In this episode, Chris reviews the GitHub Changelog covering organization-level Copilot custom instructions, CodeQL for Actions workflow security analysis, Copilot Code Review language expansion, secret scanning alert dismissals, and GitHub Mobile updates. The coding segment tackles theme switching for the Copilot Airways web app and a Tailwind CSS upgrade using GitHub Codespaces and Copilot Agent Mode.

Changelog Highlights

Organization custom instructions for Copilot enterprise customers
MAI-DSR1 — Microsoft AI-refined version of DeepSeek R1 available in GitHub Models
Copilot Code Review now supports C, C++, Kotlin, and Swift — covering over 90% of file types
CodeQL for GitHub Actions workflow security analysis is now generally available
Secret scanning alert dismissal requests with REST API support
Copilot for Xcode adds @workspace context, Claude 3.7 Sonnet, and GPT-4.5
GitHub Mobile updates including multi-model Copilot Chat and sub-issues
Dependabot scheduling with cron expressions

Live Coding

Fixed dark mode and light mode theme switching on the Copilot Airways web app
Attempted a Tailwind CSS upgrade in a fresh GitHub Codespace
Discussion of Copilot Agent Mode workflows and custom instructions for guiding AI-assisted development

Rubber Duck Thursdays - Sshh, let's talk about secrets.

Thu, 03 Apr 2025 00:00:00 +0000

This episode focuses on why secrets should never exist in source code and how GitHub’s newly unbundled security products help prevent and detect secret leaks.

After the weekly GitHub Changelog review — covering the new GPT-4o Copilot completions model, repository ownership limits, GitHub Desktop updates, Copilot mobile multi-model support, and GitHub Issues dashboard improvements — Chris dives into the headline topic: GitHub Advanced Security splitting into two standalone products, Secret Protection ($19/month) and Code Security ($30/month), now available for GitHub Team plans without requiring Enterprise.

Rubber Duck Thursdays - Creating a brickbreaker walkthrough

Thu, 27 Mar 2025 00:00:00 +0000

Chris live-codes a GitHub-themed brick breaker game walkthrough using Copilot agent mode, demonstrating how prompt framing and context shape AI-generated code. The session covers bootstrapping project structure from an existing Game of Life template, Copilot custom instructions, and the latest GitHub changelog including enterprise rulesets, Copilot edits in JetBrains, and dependency label improvements.

In this episode, Chris sets out to build an educational walkthrough — similar to an existing Conway’s Game of Life sample — but for a brick breaker game styled with GitHub’s contribution graph colors. Using Copilot agent mode, he bootstraps the project structure by referencing the Game of Life walkthrough as context, then iterates on lesson pages focused on teaching prompt engineering for agent mode. The live coding demonstrates key concepts: how vague prompts produce incomplete results, how adding specific requirements (responsive containers, keyboard and mouse controls, bouncing physics) improves output, and how Copilot custom instructions (including a fun “talk like a pirate” experiment) modify agent behavior. Chris also briefly showcases the OctoSnap arcade concept and discusses ideas for making brick breaker use GitHub contribution data for brick colors and scoring. The changelog segment covers Mistral Small 3.1 in GitHub Models, upcoming GitHub Actions cache service changes, Copilot edits in JetBrains IDEs, enterprise custom properties and rulesets going GA, and Maven dependency labeling in the dependency graph.

Rubber Duck Thursdays - Exploring GitHub Models

Thu, 20 Mar 2025 00:00:00 +0000

Chris explores GitHub Models as an AI prototyping playground, demonstrates Copilot on the command line for learning Linux commands, and shows off a new leaderboard system for the OctoSnap card game. The session also covers two weeks of GitHub changelog updates including fine-grained personal access tokens going GA, enterprise-owned GitHub Apps, instant semantic code search indexing, and Copilot updates across VS Code, JetBrains, Xcode, and Eclipse.

Returning from a week off, Chris opens by demonstrating the GitHub CLI Copilot extension — using gh copilot suggest and gh copilot explain to translate natural language into shell commands, explain complex terminal commands, and learn Linux tooling interactively. He then showcases the OctoSnap leaderboard backed by Cosmos DB on Azure, and uses Copilot agent mode live to fix a bug where usernames with the @ symbol caused issues, including adding backend validation and tests. The second half focuses on GitHub Models, where Chris walks through the model catalog and playground, comparing models like GPT-4o and DeepSeek V3 for a computer science quiz scenario. He demonstrates system prompts, prompt presets, the prompt editor, quick actions for switching between cheaper and faster models, and how to generate integration code for JavaScript and Python. The changelog roundup covers Copilot custom instructions going GA, code referencing in JetBrains, enterprise-owned GitHub Apps, fine-grained PATs reaching general availability, actions performance metrics, and Copilot for Xcode chat becoming generally available.

Rubber Duck Thursdays - Building a scoring system

Thu, 06 Mar 2025 00:00:00 +0000

Chris walks through building “OctoSnap,” a GitHub-themed memory card matching game using Next.js and JavaScript. The session dives deep into designing a scoring model with GitHub Copilot — covering difficulty multipliers, time-based rewards, and penalty mechanics — and reviews the latest GitHub changelog including new AI models, GitHub Advanced Security pricing changes, secret scanning push protection APIs, and code scanning improvements for GitHub Actions workflows.

In this episode, Chris steps away from the Go-based CLI game extension built in previous weeks and introduces OctoSnap, a browser-based card matching game featuring artwork from the GitHub Octodex. He demonstrates the game across easy, medium, and hard difficulty modes, showing how image transformations like rotation and color filters increase challenge. The core focus is on iterating with Copilot to build a nuanced scoring system that balances mode difficulty multipliers, time duration bonuses, perfect play ratios, and random click penalties. Chris shares how he broke the problem into granular prompts for Copilot and visualized the scoring curves to ensure fair overlap between difficulty tiers. The changelog segment covers new models in GitHub Copilot and GitHub Models, GitHub Advanced Security being split into Secret Protection and Code Security standalone products, delegated alert dismissal, expanded CodeQL support for GitHub Actions and Go 1.24, and GitHub Mobile updates including Copilot chat and sub-issues.

Rubber Duck Thursdays - Tic, Tac, Toe

Thu, 13 Feb 2025 00:00:00 +0000

In this episode, the team continues building the gh-game GitHub CLI extension by adding a Tic Tac Toe game written in Go. The stream kicks off with a demo of GitHub Spark, a GitHub Next experiment for creating micro apps from natural language prompts, followed by a walkthrough of the latest GitHub changelog updates including Gemini 2.0 Flash availability, Copilot Vision, and Agent Mode in VS Code Insiders.

The main coding session uses GitHub Copilot Agent Mode, Copilot Chat, and Copilot Edits to scaffold and iterate on the Tic Tac Toe implementation. Along the way, CodeQL code scanning is enabled on the repository, catching issues with missing workflow permissions and unpinned GitHub Actions versions. The episode also covers the CI/CD pipeline setup with build and test steps in GitHub Actions, and improving code readability through Copilot-assisted refactoring.

Transform issues into plans with GitHub Copilot Workspace

Mon, 29 Apr 2024 00:00:00 +0000

This is a demo video for the technical preview of GitHub Copilot Workspace. Chris was responsible for:

Writing the script
Creating a demo environment
Recording the demo
Recording the voiceover
Production and Editing

End-to-end InnerSourcing and Secure Development with GitHub

Thu, 13 Oct 2022 00:00:00 +0000

Tech Roundup - May 2022

Sun, 29 May 2022 00:00:00 +0000

Your monthly digest covering May 2022 — one of the busiest months of the year thanks to Microsoft Build!

Azure Highlights

Azure Container Apps — now generally available; a standout announcement for event-driven, serverless container workloads without managing Kubernetes directly
Azure OpenAI Service — limited access preview with 25 OpenAI models including the GPT-3 series (ada, babbage, curie, davinci) and Codex — the technology behind AI-powered developer tools like GitHub Copilot
Azure DNS Private Resolver — public preview; enables hybrid name resolution and conditional forwarding, solving the long-standing challenge of resolving private Azure DNS from on-premises environments
Open Service Mesh extension for Azure Arc — GA; pluggable service mesh interface enabling consistent mesh capabilities across hybrid and multi-cloud environments
NGINX on Azure — natively integrated SaaS with advanced traffic management, built-in JWT support, active health checks, and Azure Key Vault integration
AKS host process containers — public preview for privileged Windows container workloads requiring host-level access
Azure Communication Services Email — GA; removes the dependency on legacy SMTP/IMAP servers for application email notifications
Azure Cosmos DB — hierarchical partition keys, enhanced serverless elasticity, partition merge, and MongoDB API RBAC now available
Azure Machine Learning — managed endpoints and CLI v2 in public preview

GitHub Updates How GitHub uses Dependabot internally to measure and accelerate dependency remediation, plus GitHub Projects enhancements.

Tech Roundup - January 2022

Sun, 30 Jan 2022 00:00:00 +0000

Your monthly digest covering Azure, GitHub, and Azure DevOps updates — so you don’t have to keep up with it all yourself!

In this January 2022 edition, Chris returns to Cloud With Chris after a break and opens with an honest account of his mental health journey — including depression, anxiety, and the importance of asking for support. He then covers:

Cloud With Chris Updates A retrospective on 2021 content performance, the shift from weekly to monthly roundups, and upcoming changes to the channel format and content cadence.

V038 / V039 - Weekly Technology Vlog #38 and #39

Sun, 26 Sep 2021 09:30:00 +0000

A bumper double episode covering two weeks of cloud updates after Chris returns from vacation. On the Azure side, highlights include AKS scale down modes for faster node scaling, custom policy definitions for AKS clusters, Cosmos DB Azure Functions extension v4 with managed identity support, Azure Functions runtime 4.0 with .NET 6, and SQL Managed Instance arriving in the Terraform registry.

The Azure DevOps blog roundup features programming for accessibility with Rory Preddy, leveling up with Bicep alongside April Edwards and John Downs, Azure DevOps audit streaming, and secretless application patterns using managed identities. GitHub updates include CLI 2.0, Advanced Security secret scanning REST API, audit log streaming in public beta, advisory database support for Rust, and new npm access token formats. Chris also previews upcoming community talks on Azure Arc for applications, static web app deployments, and the Cloud Adoption Framework.

Find vulns in your code before they find you

Wed, 18 Aug 2021 00:00:00 +0000

Security vulnerabilities don’t wait for you to find them — and as developers we are often unknowingly introducing them through the open source packages we depend on. In this episode, Chris is joined by DeveloperSteve Coochin, Developer Advocate at Snyk, to explore the real-world scale of the problem and what developers can do about it without slowing down.

Steve shares findings from his research into vulnerabilities in the PHP ecosystem — some of the results are genuinely surprising — and explains the core challenge: developers are not introducing vulnerabilities maliciously or carelessly, they are simply unaware of what is hiding inside their transitive dependencies. The solution is not to stop using open source (that ship has sailed), but to automate detection and remediation as close to the developer as possible.

V024 - Weekly Technology Vlog #24

Mon, 14 Jun 2021 00:00:00 +0000

Vlog #24 came to you on a Monday morning — a sunny weekend meant Sunday’s scheduled recording was skipped in favour of family celebrations. Same great content, one day later.

Azure News

Azure Virtual Desktop (the newly rebranded Windows Virtual Desktop) continued to generate buzz, with Azure Active Directory support, multi-session Windows 10 Enterprise VM management, and expanded enterprise scenarios all now available.

The Azure API for FHIR update highlighted compliance deadlines relevant to healthcare organisations using the CMS Patient Access and Provider Directory APIs.

V023 - Weekly Technology Vlog #23

Sun, 06 Jun 2021 00:00:00 +0000

In weekly vlog #23, Chris covers a packed week of Azure, Azure DevOps, and GitHub news alongside a series of Cloud with Chris episode recaps.

Azure News

Azure Virtual Desktop (formerly Windows Virtual Desktop) received a full rebrand and platform update, adding Azure Active Directory support, multi-session Windows 10 Enterprise VM management, and quick-start application scenarios — a timely evolution for a service that kept organisations productive throughout the pandemic.

V019 - Weekly Technology Vlog #19

Sun, 09 May 2021 00:00:00 +0000

Welcome to Weekly Vlog #19, broadcast live! This week leads with Azure’s visual rebrand and covers a wide range of security, platform, and community updates across Azure, GitHub, and Cloud with Chris.

Azure Highlights

New Azure Fluent Design Icon: Microsoft’s Fluent Design language arrives in Azure with a refreshed icon — widely celebrated across the developer community on social media.
AKS Secret Store CSI Driver Add-on: The open-source Secret Store CSI driver is now a managed AKS add-on (alongside App Gateway Ingress Controller and Pod Identity), making Kubernetes secret management significantly simpler.
Azure Security Center Updates: New hybrid and multi-cloud Kubernetes protection via Microsoft Defender for Kubernetes; recommendations for Defender for DNS and Resource Manager; Windows Server 2019 and Windows 10 Virtual Desktop now supported in Defender for Endpoint integration.
Azure VPN Gateway Enhancements: Multi-authentication type support (Azure AD, certificate, RADIUS) on a single gateway, BGP diagnostics, VPN packet capture in the Azure portal, and per-connection reset support.
Azure Backup for Blobs (GA): Operational backup for block blobs is now generally available.
Prevent Shared Key Authorization: New control to disable shared key authorization for Azure Storage accounts, improving security posture for teams moving to identity-based access.

GitHub Highlights

GitHub Enterprise Server 3.1: Now available, adding GitHub Actions visualisations, pull request auto-merge, Advanced Security improvements, and the mono-repo performance enhancements discussed in a prior week’s engineering post.
GitHub Release Radar: Pulumi 3.0 highlighted — a compelling cross-cloud infrastructure-as-code framework supporting multiple languages; distinct from Terraform’s approach.
GitHub Web Components: Engineering insight into how GitHub builds and maintains its own open-source UI component library.
Availability Report: Transparent post-incident analysis covering a DNS resolution failure affecting GitHub Packages and an elevated API error rate impacting repository creation, with clear remediation steps.

Cloud with Chris

Schema.org SEO blog post: How structured data — breadcrumbs, video previews, speaker cards — influences search engine result rendering.
Hugo CrossPoster open-source project post: Introducing the cross-posting automation tool for Dev.to and Medium, complete with GitHub Actions integration plans.
Cloud Gaming Notes Episode 4 with Dominic Williamson: Sudoku Social — a social sudoku game built with Unity and Azure PlayFab, now in beta on iOS and Android at sudoku.social.
Cloud Drop with Carol de Winter: A beginner’s guide to PowerShell in Azure Functions — the first Cloud Drop featuring a guest.
GitHub Actions + Azure Environments session: A focused walkthrough of environment-based deployment gates and approvals in GitHub Actions.

V018 - Weekly Technology Vlog #18

Sun, 02 May 2021 00:00:00 +0000

Welcome to Weekly Vlog #18, recorded on a UK Bank Holiday! This week’s episode covers an action-packed set of updates across Azure, Azure DevOps, and GitHub, plus a detailed engineering update on the Hugo CrossPoster open-source project.

Azure Highlights

Microsoft acquires Kinvolk: A significant cloud-native investment — Kinvolk are contributors to Flatcar Container Linux and CoreOS, reinforcing Azure’s commitment to containers and the Kubernetes ecosystem.
Azure Web PubSub (Preview): A new fully managed WebSocket service enabling real-time applications such as live chat, bidding platforms, and gaming backends, priced per connection unit similarly to Event Hubs.
Azure Site Recovery + Azure Policy (Preview): Enables onboarding VMs into Azure Site Recovery at scale via Azure Policy — a key governance unlock for enterprise disaster recovery.
Delivery Plans 2.0 GA: Azure DevOps now offers improved portfolio-level planning with higher team limits, start/target dates, dependency tracking, and richer roll-up visualisations.
Red Hat Summit recap: JBoss EAP preview on App Service, RHEL Reserved Instance hybrid benefits, Azure Arc-enabled OpenShift cluster onboarding, and upcoming Ansible integration enhancements.

GitHub Highlights

Feature flags engineering post: How GitHub decouples deployments from releases using feature flags at scale.
Mono-repo optimisation deep dive: Bitmaps, pack files, and multi-pack indexes — how GitHub engineers tackle maintenance costs on large repositories.
Dependabot Preview retirement: The legacy Dependabot Preview and dependabot.com will be shut down on August 3rd — migrate to native GitHub Dependabot now and review the feature parity roadmap.
GitHub Desktop 2.8: Whitespace hiding, diff expansion, and repository aliases.

Hugo CrossPoster Update

Chris’s Hugo CrossPoster open-source project is progressing with several new engineering practices in place:

V014 - Tech Roundup #14 Azure, DevOps & GitHub Blogs, Azure Updates & New CloudWithChris content

Sun, 04 Apr 2021 00:00:00 +0000

In this Easter Sunday livestream, Chris rounds up a bumper week of tech news. Azure highlights include Microsoft being named a Forrester Wave leader in Function-as-a-Service platforms — validating the Azure Functions investment — a Cost Management recap for March, and enterprise-scale landing zone guidance from Sarah Lean. A rapid-fire Azure update pass-through covers the new AKS run command feature (enabling ad-hoc commands through the Azure API plane on private clusters while respecting RBAC), AKS node image auto-upgrade, Open Service Mesh add-on for AKS, GA of Kubernetes 1.20 in AKS, and Azure Static Web Apps deployment without a DevOps pipeline.

V013 - Weekly Technology Vlog #13 (Lots of Azure, DevOps & GitHub) Blogs, Quick-fire Azure Updates

Sun, 28 Mar 2021 00:00:00 +0000

Weekly Vlog #13 covers an action-packed Azure week, with standout blog posts including Mark Russinovich’s Ignite session on Azure innovation, enterprise landing zones with modular designs, zonal disaster recovery enhancements via Azure Site Recovery, Security Center compliance updates, and Azure Databricks on Azure. On the Azure DevOps side, Chris highlights “DevOps-ing everything as code” and community stories touching on Terraform, Bicep, and policy-gated release pipelines.

The GitHub roundup digs into the GitHub Actions capture-the-flag writeup — revealing how an overly permissive workflow can expose repository secrets — and a fascinating multi-stage exploit chain from the GitHub Security Lab, both underscoring the growing importance of DevSecOps practices with GitHub Advanced Security.

V003 - Weekly Technology Vlog #3 (Contributing to OSS, Azure Thames Valley and Tech News)

Mon, 18 Jan 2021 00:00:00 +0000

A significant highlight is Chris’s new role in relaunching the Azure Thames Valley meetup group, working with SquaredUp CEO Richard to revive and grow the local community. He previews upcoming speaking engagements: an AzureIsh Live Among Us gaming stream (February 10), a SquaredUp webinar on application observability in a distributed world using Azure Monitor, App Insights, and distributed tracing (February 25), and a session for the Limerick .NET Azure User Group on using GitHub Actions to deploy static websites (March 6).

V001 - Weekly Technology Vlog #1 (Blog, Hugo, Azure, GitHub & Azure DevOps)

Mon, 04 Jan 2021 00:00:00 +0000

Chris kicks off the weekly vlog format with a look back at December 2020. On the open source front, he contributed pull requests to Matt Stratton’s Hugo Castanet theme — adding blog functionality and fixing episode number bugs — and began building a new Hugo theme designed for community groups, meetups, and conference platforms with multiple group and event structures. He was recognised as a new user of the month on the Hugo community forum for his support contributions there.