Measuring the impact of Developer Experience and GitHub Copilot is a complex subject. Understanding leading and lagging indicators can help organizations measure the right things, and thus prove out the value of good Developer Experience in general, as well as the impact of GitHub Copilot.
Generative AI? Who needs it? You’re the consummate developer and nothing is beyond your staggering cognitive powers, so why would you need GitHub Copilot - or any copilot for that matter?
Culture, culture, culture - it eats DevSecOps for breakfast! But what sort of culture should organizations build to succeed at DevSecOps? In this post I take a look at Mission Control and what it means for DevSecOps culture.
Tooling is an important aspect of DevSecOps - but culture dramatically influences how organization scale. In this post I’ll talk about a key cultural concept: Team Autonomy vs Enterprise Alignment.
I was recently at RSA for the first time. I have some spicy takes from the week.
GitHub Copilot is an AI pair programmer that can dramatically increase developer productivity. However, it is still a tool - and developers must learn how to frame Copilot’s capabilities in order to make the best use of it.
Secret Scanning Push Protection allows you to block pushes that contain secrets. These blocks can by bypassed, which may be surprising. However, allowing bypasses is actually a good thing!
CodeQL is a fantastic Static Analysis Scanning Tool (SAST). It can be enabled quickly using Actions, but it can be hard to figure out how to fine-tune which queries are run. In this post I’ll cover using Query Filters to fine-tune your CodeQL scans.
We’ve all heard the mantra to “shift left” - mainly for testing but also for security. Security scanning earlier (lefter 😸) in the process makes sense, but can you shift left too far?
I’ve posted before about how to authenticate to Azure in GitHub Actions using OIDC. It should follow that Terraform templates would be easy to use - but there are some gotchas.
