Search
1000 results for “Rob_Bos”
-
Bold move, but it has to be done somewhere. #GitHub #Actions; All Actions will run on Node20 instead of Node16 by default https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default
Research shows that ~50% of the Actions marketplace still uses an older version of node, so this might hurt some folks that have not kept their dependencies up to date.
Yes, the components of your pipelines is also #SupplyChainManagement!
-
Very nice explanation from GitHub on how to cut through the noise: How to prioritize Dependabot alerts https://github.blog/security/application-security/cutting-through-the-noise-how-to-prioritize-dependabot-alerts/
-
Massive improvement that we’ve been waiting for!
Dependabot helps users focus on the most important alerts by including EPSS scores that indicate likelihood of exploitation, now generally available - GitHub Changelog https://github.blog/changelog/2025-02-19-dependabot-helps-users-focus-on-the-most-important-alerts-by-including-epss-scores-that-indicate-likelihood-of-exploitation-now-generally-available/
-
Code security configurations are now GA https://github.blog/changelog/2024-07-10-code-security-configurations-are-now-ga
I wrote about how much easier it is and how it helps with the rollout of #GHAS here: https://devopsjournal.io/blog/2024/04/27/GHAS-code-security-configuration
-
CodeQL can scan C# projects without requiring working builds (public beta). This will make it a lot easier when rolling out CodeQL initially! Now you can run a scan on your entire organization to see what you don’t know, and define a strategy based on the results! It saves time since you do not have to go on a team by team basis to enable them with a custom build config to get the information out of code scanning.
-
This is awesome! Ran into this today during a training and loved it! So much more intuitive and thus very useful ❤️ #GitHub #GHAS
Advanced filtering capabilities for the security overview dashboard https://github.blog/changelog/2024-04-04-advanced-filtering-capabilities-for-the-security-overview-dashboard
-
The #GHAS team keeps on adding helpful tools to manage Advanced Security better! Code security configurations let organizations easily roll out GitHub security products at scale - The GitHub Blog https://github.blog/changelog/2024-04-02-code-security-configurations-let-organizations-easily-roll-out-github-security-products-at-scale/
-
More welcome updates for #GHAS users (GitHub Advanced Security)!
Security overview dashboard: Alert age trends, custom repository and severity filters, and date pickers https://github.blog/changelog/2024-03-20-security-overview-dashboard-alert-age-trends-custom-repository-and-severity-filters-and-date-pickers
-
Interesting read on the Mercedes secret and thus repo access leak: https://www.reversinglabs.com/blog/lessons-from-the-mercedes-benz-github-source-code-leak
TL;DR: access token in personal repo accidentally uploaded. The PAT had access to all internal orgs and repos as well.
So even if the company has configured things like #GHAS on their own things, the personal token still leaked with all the consequences.
So no real way to prevent this. SSO and approval might work, but in the end: still the same result.
-
The #GitHub Advanced Security for Azure DevOps Extension now has new functionality:
- Overall project level dashboard to group info across repos (this is a much needed one!)
- Includes a longer trendline as well
- New trendline showing the status of the alerts, to track progressFind it in the marketplace: GHAzDoWidget
Feedback welcome!
-
I’ve got a layover in Copenhagen on my way to goto; Aarhus to talk about GitHub Advanced Security (GHAS) and noticed that Microsoft announced GHAS for Azure DevOps!
Want to learn all about it? Then read my post on it, hot off the press!
https://devopsjournal.io/blog/2023/05/23/GitHub-Advanced-Security-Azure-DevOps
-
Did you know that you can now enable #GitHub Advanced Security features for all your personal repositories in one go? Go to https://github.com/settings/security_analysis to enable them!
Want to learn more about GitHub Advanced Security? Check out my LinkedIn Learning course on it! https://www.linkedin.com/learning/github-advanced-security/github-advanced-security?autoplay=true
-
Next week is Techorama in The Netherlands 🥳. Looking forward to it a lot! Come join me on Wednesday to learn more about GitHub’s FREE (for open source repos) security features to protect your codebase!
Since this event takes place in a movie theater, there are film posters for some sessions and they are a-mee-zing!!!! Thanks for this one 🎉!
#Techorama #GitHub #Xpirit #SharingKnowledge
Find the agenda here: https://techorama.nl/agenda/
-
Next week is Techorama in The Netherlands 🥳. Looking forward to it a lot! Come join me on Wednesday to learn more about GitHub’s FREE (for open source repos) security features to protect your codebase!
Since this event takes place in a movie theater, there are film posters for some sessions and they are a-mee-zing!!!! Thanks for this one 🎉!
#Techorama #GitHub #Xpirit #SharingKnowledge
Find the agenda here: https://techorama.nl/agenda/
-
Next week is Techorama in The Netherlands 🥳. Looking forward to it a lot! Come join me on Wednesday to learn more about GitHub’s FREE (for open source repos) security features to protect your codebase!
Since this event takes place in a movie theater, there are film posters for some sessions and they are a-mee-zing!!!! Thanks for this one 🎉!
#Techorama #GitHub #Xpirit #SharingKnowledge
Find the agenda here: https://techorama.nl/agenda/
-
Next week is Techorama in The Netherlands 🥳. Looking forward to it a lot! Come join me on Wednesday to learn more about GitHub’s FREE (for open source repos) security features to protect your codebase!
Since this event takes place in a movie theater, there are film posters for some sessions and they are a-mee-zing!!!! Thanks for this one 🎉!
#Techorama #GitHub #Xpirit #SharingKnowledge
Find the agenda here: https://techorama.nl/agenda/
-
-
-
-
-
It’s been a long wait, and now PR annotation is finally there for #GHAzDo!
Introducing Pull Request Annotation for CodeQL and Dependency Scanning in GitHub Advanced Security for Azure DevOps - Azure DevOps Blog https://devblogs.microsoft.com/devops/introducing-pull-request-annotation-for-codeql-and-dependency-scanning-in-github-advanced-security-for-azure-devops/
-
I created a new extension for Azure DevOps that shows the number of open security alerts from #GitHub Advanced Security for the configured repository.
Let me know what you think! Suggestions welcome in the repo because of course it is open source!
#GHAzDo #AzureDevOps #MyFirstExtension
https://marketplace.visualstudio.com/items?itemName=RobBos.GHAzDoWidget
-
This rite of a Washington spring is now 20 years old
Thursday was not like any other day this week–but it did fit into a pattern that set in starting in 2005. Meaning, I once again had no other choice but to take off work to go to the Washington Nationals’ home opener.
My first 15 years of life in and around the District did not include that rite of spring, because major-league baseball (as opposed to intern softball on the Mall) was an other-cities proposition. But I cleared my afternoon for the Nats’ home opener at RFK that April, and the experience was epically worth the work avoidance.
My wife and I have stayed in the same 20-game partial-season-ticket group ever since, so almost every March or April has treated us to this seasonal event.
Parts of it have changed immensely–especially with the team’s move from RFK and the peeling paint inside that concrete donut to Nats Park in 2008.
Where RFK had no neighborhood bars and restaurants for pregame and postgame enjoyment, the blocks north of Nats Park have filled in with residential, office and hotel buildings. To the south, D.C. has replaced the ugly metal hulk of the former Frederick Douglass Memorial Bridge with the soaring arches of its successor over the Anacostia. And to the west, Audi Field hosts the other beautiful game as played by D.C. United and the Washington Spirit.
The neighborhood has overall improved so much since I was reviewing the occasional concert at the Capital Ballroom almost 30 years ago, and I love that.
Inside and just outside Nats Park, some traditions have held while others have flown in the breeze like the World Series championship flag that has graced our ballpark since 2019.
On one hand, hearing the aptly-named D.C. Washington sing the national anthem every year is a treat that fans of no other MLB franchise get. And no other team gets flyovers of F-16s from Joint Base Andrews.
On the other hand, I thought in 2005 that presidents throwing out a ceremonial first pitch would be a regular feature for Nats home openers. But after George W. Bush’s high strike in 2005 and Barack Obama’s comparable throw in 2010, other people have done the honors.
(Thursday featured Washington Post sports columnist Thomas Boswell, who has more than earned that recognition on his way to Cooperstown.)
I get that Joe Biden and Donald Trump don’t have the arms to keep the ball out of the dirt–and that Trump’s fragile ego couldn’t stand being booed by Nats fans who rightly disapprove of his authoritarian garbage–but we do need to bring that tradition back.
And, yes, the Nats have been wildly uneven in their home openers. Thursday was no exception, even between innings: MacKenzie Gore struck out 13 and allowed only one hit and zero walks in six innings, but then the Nats squandered that standout start to lose 7-3 to the Phillies.
That’s not a great beginning of the season. But I will, of course, be in the stands on Sunday.
#ballpark #baseball #firstPitch #flyover #homeOpener #MLB #Nationals #NationalsPark #Nats #NatsPark #openingDay #RFK #stadium #WashingtonNationals
-
Weekly output: Most Innovative Companies, Serve Robotics, Android 17, United Airlines’ ambitions, Polymarket’s pop-up bar
CHICAGO–This is one of my favorite cities in the U.S., but it doesn’t show up in my work travel as often as I’d like. So I’m delighted that the Online News Association decided to move its annual conference from late summer to early spring and then stage this year’s event here–in a hotel that should be familiar to everybody who’s seen The Fugitive.
Patreon readers got a bonus post that I’d meant to have written weeks earlier: a recap of MWC Barcelona in which I also gave away a global eSIM to the first reader to ask for it.
3/24/2026: The most innovative robotics and engineering companies of 2026, Fast Company
This list, the product of months of research and editorial back-and-forth, finally emerged online this week. And then we had to run a quick correction after one of the companies honored said that we’d mentioned an achievement that they did not want disclosed.
3/25/2026: Delivery Robots Have a Mapping Problem, PCMag
I sat down in a hotel lobby in Austin during SXSW with MJ Burk Chun, co-founder and vice president of product and design at Serve Robotics, to talk about the issues that company is working to address as it tries to scale up having four-wheeled robots cart food deliveries to customers.
3/27/2026: Google Ships Latest Android 17 Beta. Here’s What’s New, PCMag
In between having so many longer stories to write, I was happy to get one that I could bang out in an hour or so.
3/28/2026: United’s New Upgrades Aim to Keep You Online and Fully Charged at 35,000 Feet, PCMag
My week started with me flying to another one of United’s hubs–with the airline covering my airfare and lodging–for its United Elevated event at LAX. In addition to looping me into UA’s ambitions for its onboard product, this event doubled as a reunion with some of the avgeek journalists I met at Cranky Dorkfest in September and with my former Washington Post colleague Lori Aratani, who interviewed United CEO Scott Kirby onstage Tuesday morning.
3/29/2026: Pints meet prop bets: Polymarket’s “Situation Room” pop-up bar in DC, Ars Technica
I thought I saw an opportunity to write for this occasional client for the first time since the summer of 2023; fortunately, my editor then and now agreed.
#AIMIntelligentMachines #Android17 #Austin #BostonDynamics #Chicago #deliveryRobots #Dexterity #ForwardXRobotics #GlacierRobotics #Infravision #LAX #LosAngeles #LucidBots #ONA #OnlineNewsAssociation #ORD #Polymarket #predictionMarkets #RobustAi #ServeRobotics #sxsw #Symbotic #TerabaseEnergy #UA #United #UnitedAirlines
