Posts

The Issue I recently had an issue trying to add a new Azure DevOps Pipeline Agent Pool to an existing Azure DevOps 2022 Server via the Team Project Collection Settings UI. When tried to add the agent pool I got the error Access denied needs Manage permissions to perform this action. For more information, contact the Azure DevOps Server administrator The problem was that I was the Azure DevOps Server administrator ...

The Issue I have been chasing what it turned out to be a non-existent fault when trying to ingest test code coverage data into our SonarQube instance. I saw my ‘problem’ in a .NET 8.0 solution with XUnit v3 based unit tests, this solution was being built using this Azure DevOps Pipelines YAML - task: SonarQubePrepare@7 inputs: SonarQube: "SonarQube" scannerMode: "dotnet" jdkversion: "JAVA_HOME_17_X64" projectKey: "${{ parameters.sonarQubeProjectKey }}" projectName: "${{ parameters.sonarQubeProjectName }}" projectVersion: "$(GitVersion_Major).$(GitVersion_Minor)" extraProperties: | # Additional properties that will be passed to the scanner, # Put one key=value per line, example: sonar.cpd.exclusions=**/AssemblyInfo.cs,**/*.g.cs # Ingest the test results and coverage data sonar.cs.vscoveragexml.reportsPaths=$(Agent.TempDirectory)/**/*.coveragexml sonar.cs.vstest.reportsPaths=$(Agent.TempDirectory)/**/*.trx - task: DotNetCoreCLI@2 displayName: ".NET Build" inputs: command: "build" arguments: > --configuration ${{ parameters.buildConfiguration }} --no-restore projects: "$(Build.SourcesDirectory)/src/MySolution.sln" - task: DotNetCoreCLI@2 displayName: ".NET Test" inputs: command: "test" projects: "$(Build.SourcesDirectory)/src/MySolution.sln" arguments: > --configuration ${{ parameters.buildConfiguration }} --collect "Code coverage" --no-restore --no-build - task: SonarQubeAnalyze@7 displayName: 'Complete the SonarQube analysis' inputs: jdkversion: "JAVA_HOME_17_X64" - task: SonarQubePublish@7 displayName: 'Publish Quality Gate Result' inputs: pollingTimeoutSec: "300" At the start of the SonarQubeAnalyze@7 task log I could see that the .coverage file was found and converted into a .coveragexml file. However, there were multiple ‘The device is not ready’ errors when parsing this file later in the process. ...

The Issue I have some long standing PowerBI reports that I use for summarizing project data. They use a variety of data sources, including Azure hosted SQL instances. I recently moved the Azure hosted SQL databases to a new instance as part of a major tidy up of my Azure resources. This of course caused my reports to break. I thought swapping the SQL connection details in PowerBI would be easy, and I guess it was, but it took me too long to work out how. ...

The Issue We have used SonarQube and the OWASP Dependency Checker Plugin for many years to perform analysis and vulnerability checking within our Azure DevOps Pipelines. Recently, whilst picking up an old project for a new phase of development, I came across a couple of problems due to changes in both tools since the project CI/CD pipelines were last run. The OWASP Dependency Checker vulnerabilities were not appearing in SonarQube as issues The OWASP Dependency Checker HTML report could not (always) be loaded in SonarQube The issues were just down to changes in both tools over time. It just goes to show that you can’t just setup a CI/CD system and expect it work forever, changes are always being introduced in cloud based tools. ...

Another podcast I recently recorded with our friends at Grey Matter has just been published Secure by design: The DevSecOps mindset

I recently came across an interesting side effect with the Azure DevOps cache task if its settings are not correctly configured. One that caused me to get somewhat confused before I realised what had occurred. The Problem I had a working pipeline that as part of its build process ran the OWASP Dependency Checker task. This can be slow to run as it has to download the current vulnerability database. To try to speed my builds I have been using the cache task to cache the current pipeline run’s downloaded vulnerability database, so on the next run the vast majority of the database is already downloaded. ...

Updated 30-Oct-2025 Added more details on Screen Refresh Rate and Teams Room App The Problem We have owned a Surface Hub v1 for a number of years, and it has served us well. However, with Microsoft ending support for Windows 10 it was in danger of becoming a large piece of sculpture in the office. This is not just because we did not want to run a Windows 10 device when security patches were not available, but that the embedded version of Teams would not even load. ...

The Issue I have previously posted about settings up Snipe IT on Azure using a Docker container running in an Azure WebApp with a MySQL DB. I recently had to revisit my setup as the site was failing to load with a DB connection failure. The issue was that the SSL certificate chain used by Microsoft for their hosted MySQL service had changed and my settings needed to be updated The Solution In te Azure Portal find your MySQL instance and select the networking blade, click the ‘Download SSL Certificate’ link, you are taken to learn.microsoft.com . Download the DigiCert Global Root G2 certificate and the Microsoft RSA Root Certificate Authority 2017 certificate You need to combine these certificates i.e. put the base64 coded versions of each in a single text file. -----BEGIN CERTIFICATE----- (Content from DigiCertGlobalRootCA.crt.pem) -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- (Content from DigiCertGlobalRootG2.crt.pem) -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- (Content from MicrosoftRSARootCertificateAuthority2017.crt.pem) -----END CERTIFICATE----- SO, I downloaded the DigiCertGlobalRootCA.crt.pem file I was using previously from my Snipe IT’s Azure File Storage and opened it in a text editor (the first block) I then appended the contents of DigiCertGlobalRootG2.crt.pem to this file (the second block) Before I could do the same with the Microsoft RSA Root Certificate Authority 2017.crt file I had to import the .CRT file onto my local Windows machine, then export it is a Base64 encoded file. Once this was done, this too could be add to the DigiCertGlobalRootCA.crt.pem file (the third block) Once all the edits were made I save the edited file and uploaded it into the Azure Storage to overwrite the old version. This avoid the need to edit any other configuration settings that referenced the certificate file name. Once this was done my Snipe IT instance loaded as expected. ...

Introduction The recent addition to Azure DevOps of the StringList parameter type can be really useful to dynamically create parallel stages or jobs in an Azure DevOps YAML pipeline. A StringList parameter can be used to present a list of values to the user queuing a pipeline run, thus allowing the selection of one or more values that can be accessed using a YAML expression loop. This can be combined with YAML templates, where the StringList is passed into a template as an Object. Noting that you can’t use the StringList type for a parameter type in the template definition. However, this is not a problem as there is a dynamic conversion from StringList to Object e.g. ...

A while ago I posted about starting to use Home Assistant. This has been working well for monitoring our SolarEdge PV and Battery system, controlling if we should charge the battery with cheap overnight power if there has not been enough sun to fully charge the battery. Bitten by the Home Assistant bug, I decided I wanted to add more sensors to the systems, so bought some cheap Zigbee equipment from AliExpress ...