GitVersion task fails on a cloned Azure DevOps YAML Pipeline

Problem: I recently had a strange problem. I had an existing Azure DevOps YAML Pipeline that used the checkout task to do a deep Git fetch of a repo and its submodules. The reason for the deep fetch was that later in the pipeline we ran GitVersion, and this needs the whole repo to be able to calculate the version. - checkout: self persistCredentials: true submodules: true - task: gitversion/setup@0 displayName: 'Get current version of GitVersion' inputs: versionSpec: '5....

November 8, 2022 · 2 min · Richard Fennell

Migrating our "Living the Dream" DevOps demo to GitHub Enterprise

At Black Marble, we have had a long-standing Azure DevOps Team Project, called Living the Dream, that we used for end-to-end demos of the principles of DevOps. This used a legacy codebase, the old Microsoft Fabrikam demo, and showed that it can be deployed using modern tools. As I had no similar demo for GitHub Enterprise, I thought it would be interesting to see how the process of migrating my Azure DevOps implementation over to GitHub would go....

November 1, 2022 · 5 min · Richard Fennell

Ignite 2022 Azure DevOps & GitHub Announcements - GitHub Advanced Security comes to Azure DevOps

Today at Microsoft’s Ignite Conference there have been some very interesting announcements related to Azure DevOps and GitHub. In the recent past, I have seen confusion from our clients as to what Microsoft’s recommended DevOps solution is, given they have both Azure DevOps and GitHub. It is true that Microsoft have said, and continue to say, that GitHub is the ‘north star’, the long-term destination for all users. However, that does not help clients today....

October 12, 2022 · 2 min · Richard Fennell

SonarCloud PR branch analysis when the main/trunk branch has not been analysed

SonarCloud (and its on-premise equivalent SonarQube) understands the concept of Git branching and PRs (on various platforms; in my case Azure DevOps was the important one). This means you can block the completion of a PR if the new code in the branch/PR does not meet the SonarCloud Quality Gate. A great way to stop the addition of technical debt. However, I recently found a problem when starting to use SonarCloud in an older codebase....

October 1, 2022 · 3 min · Richard Fennell

Showing OWASP Dependency Check results in SonarCloud

The OWASP Dependency Checker can be used to check for known vulnerabilities in a variety of ecosystems. This tool produces an HTML-based report, but I wanted to expose the issues in SonarCloud. The problem is that SonarCloud does not allow ingestion of OWASP Dependency Checker vulnerabilities out of the box. However, there is the option to ingest Generic Issue Data. To make use of this I just needed to change my XML results file to a JSON format...

September 29, 2022 · 2 min · Richard Fennell