Trying out the built-in container support for the .NET SDK

A few months ago the built-in container support for the .NET SDK was announced. In this post I’ll put this feature to test, I’ll try to migrate from an application that contains a rather complex Dockerfile to a new version that has no Dockerfile and instead uses the container support feature.
Read more →

How to deploy an Azure resource using Terraform when it is not available in the AzureRM official provider

This post is going to walk you through the options available when we want to create or update a service on Azure using Terraform, but it is not available on the AzureRM Terraform provider.
Read more →

How to notify AWS events to Microsoft Teams using AWS EventBridge and AWS Lambda

An AWS event indicates a change in a service, and in this post I want to show you how you can notify those events to a Microsoft Teams channel using AWS EventBridge and AWS Lambda.
Read more →

Keep your .NET platform images up to date using AWS ECR and Azure Pipelines

When talking about containers security on the enterprise one of the best practices is to use your own platform images, those platform images are the base for your company applications. In this post I’m going to show you an opinionated implementation of how to automate the creation and update of your own .NET platform images using Azure Pipelines and AWS ECR.
Read more →

How to easily check on your CI/CD pipelines if your app has a NuGet package with a security vulnerability

Almost any dotnet application has several NuGet dependencies, and those dependencies may have their own dependencies, and so on and so forth. What if any of those dependencies you’re using contains a security vulnerability? You can check on your CI/CD pipeline if your application has any known NuGet vulnerability with just a couple of lines of bash script.
Read more →

Linting a .NET 6 app Dockerfile using Hadolint, dockerfile_lint and Azure Pipelines

Like any other language, Dockerfiles can and should be linted for updated best practices and code quality checks. In this post I will show you how to incorporate a couple of Dockerfile linters into our Secure DevOps workflow to ensure our Dockerfiles are always readable, understandable and maintainable.
Read more →

How to bootstrap Terraform and Azure DevOps to start deploying your infrastructure as code to Azure

Deploying infrastructure as code on Azure using Azure Pipelines and Terraform requires a minimal bootstrap process. This process can be done manually, but you’ll have to do it every time you want to start deploying resources into a new subscription. So, having some kind of automation seems the way to go here. And that’s exactly what I want to show in this post, how to programmatically bootstrap an Azure subscription and an Azure DevOps project to start deploying Infrastructure as Code with Terraform.
Read more →

Testing how to use some container vulnerabilities scanners with Azure Pipelines

Vulnerability scanning allows us to review the security state of the container images and take actions to fix issues identified during the scan, resulting in more secure deployments. In this post I will be covering how you can use some of the most well-known scanners alongside with your Azure DevOps CI/CD YAML Pipelines.
Read more →

Trying to setup an Azure DevOps organization using Terraform

On today’s post I want to test the Azure DevOps Terraform provider and that’s why I’ll be trying to automate the setup of an Azure DevOps organization using it.
Read more →

An opinionated approach about how to create an AWS ECS Fargate cluster and deploy apps on it using Azure DevOps Pipelines

These past couple of weeks I’ve been tinkering with AWS ECS Fargate and after losing some time tackling different approaches I thought it might be useful to write down what I ended up building, so without further ado let’s dig in.
Read more →

Provisioning resources on AWS using AWS CDK and Azure DevOps Pipelines

In today’s post I will show you how you can deploy an AWS CDK application using Azure DevOps.
Read more →