Browse DevOps News (270)

Reenu Saluja breaks down the main Azure hosting options for production AI agents and explains when to use each, with a deeper walkthrough of Microsoft Foundry Hosted Agents (deployment, lifecycle management, observability, scaling, and invocation patterns).

David Sanchez lays out a practical DevOps playbook for teams adopting AI coding agents (including GitHub Copilot Cloud Agent), focusing on readiness prerequisites, human–agent collaboration patterns, pipeline changes, governance, and security controls needed to keep quality and accountability intact as non-human contributors scale up.

Allison announces that Dependabot and code scanning can now use OpenID Connect (OIDC) for organization-level access to private registries, reducing reliance on long-lived secrets and enabling short-lived, dynamically issued credentials.

Allison announces new GitHub features that surface deployment and runtime context in repository properties and security alert pages, helping teams automate policy enforcement and prioritize Dependabot and code scanning alerts based on real production risk.

Kristen Womack explains how `azd update` simplifies keeping the Azure Developer CLI current across Windows, macOS, and Linux, including how to switch between stable and daily release channels.

Gloridel Morales announces April patches for Azure DevOps Server, summarizing key fixes (pull request completion reliability, safer sign-out redirect validation, and GitHub Enterprise Server PAT connection) and showing how to verify the patch is installed.

Allison announces a public preview feature that lets teams link GitHub code scanning alerts to GitHub Issues, making it easier to track and prioritize security remediation work in existing planning workflows.

Joseph Katsioloudes introduces Season 4 of GitHub’s Secure Code Game, a hands-on set of challenges where you exploit and fix vulnerabilities in an agentic AI assistant (ProdBot) to learn real-world AI-agent security risks like prompt-based tool misuse, memory poisoning, and sandbox escape.

Allison summarizes GitHub Secret Scanning updates that expand push protection defaults, improve enterprise fork coverage, and add new API capabilities for alert validity, provider filtering, scan history, and enterprise-wide dismissal request reporting.

Allison explains how GitHub’s SBOM export flow moved to an asynchronous model in the Dependency Graph UI and REST API, removing hard timeouts and adding a generate/fetch pattern for reliably downloading SBOM reports from large repositories.

Dorothy Pearce introduces GitHub’s free Code Security Risk Assessment, a one-click scan that uses CodeQL to surface vulnerabilities across up to 20 active repositories, and explains how the results help teams prioritize remediation (including where Copilot Autofix may apply).

Allison announces updates to GitHub Code Quality standard findings (public preview), including faster triage features like file-path search, bulk dismiss/reopen, and richer per-finding context, with fix suggestions generated by GitHub Copilot Autofix.

Allison announces a new “Fix with Copilot” button on github.com that uses Copilot cloud agent to resolve merge conflicts, verify builds/tests, and push updates from a cloud development environment, plus @copilot commands for PR fixes and workflow failures.

Kedasha Kerr walks through how to publish a static site from a GitHub repository using GitHub Pages, covering both branch-based deployment and a GitHub Actions workflow, plus how to set up a custom domain with HTTPS.

Allison announces a new GitHub Actions limit: each workflow run can only be rerun up to 50 times (including partial job reruns), after which GitHub will return a failed check suite with an annotation explaining the limit.

Sandeep Sen announces Azure MCP Server 2.0’s stable release, focusing on self-hosted remote MCP servers, authentication options (managed identity and OBO), security hardening, and operational improvements to support agentic workflows that automate and manage Azure resources.

Christopher Harrison introduces GitHub Copilot CLI with a beginner-friendly walkthrough: install via npm, authenticate, grant folder permissions, and start prompting Copilot from your terminal (including delegating work to the Copilot cloud agent).

Allison shares a GitHub update: Copilot cloud agent now runs its built-in security and quality validation tools in parallel, cutting validation time by about 20%, while keeping the same checks (CodeQL, secret scanning, Advisory Database, and Copilot code review).

Arnaud Lheureux, davidwright, and sdaniels walk through a hands-on “agentic platform engineering” demo using Git-ape inside VS Code, where GitHub Copilot agents (via Azure MCP) can deploy and manage Azure infrastructure through validated, policy-aware actions.

The Visual Studio Code Team summarizes what’s new in VS Code 1.116 (Insiders), including updates to the Agents app (keyboard navigation, accessibility help, and file-context completions) plus CSS @import link resolution improvements.