Skip to content
  • Blog
  • Events
  • Help
  • Careers
  • Contact
New Signature
  • About
      • Company

        Cognizant Microsoft Business Group is dedicated to changing the way businesses innovate, transform and run based on a unique cloud operating model. You will now be redirected to our new microsite to learn more.

        View Company

      • Awards

        As a company, we are regularly recognized within the IT industry as well as the communities we serve.

        View All Awards
      • News

        Read the most up-to-date corporate announcements, Microsoft technology updates, innovative business solutions and learn more about how the Cognizant Microsoft Business Group can take your business even farther.

        View News

      • Partners

        New Signature works with a number of outstanding technology companies to deliver the best experiences to our customers.

        View Partners
      • Leadership

        Cognizant Microsoft Business Group’s executive team is comprised of innovative leaders with proven experience and deep industry expertise. You will now be redirected to our new microsite to learn more.

        View Leadership

      • Industries

        Our solutions are tailored to empower organizations across a wide range
        of industries.

        View Industry Experience
    Close
  • Solutions
      • Intelligent Enterprise
        Solutions

        Going Digital
        Unleash cloud capability, deliver change and compete at speed with a Microsoft digital operating model, enabling you to work more efficiently as you transform your IT environment. Learn More

      • Featured Solution

        Secure Cloud
        In a world of constant threat, ensuring that your underlying cloud platform is protected is the first step on your organization’s journey towards a secure, compliant operating environment. Learn More
      • Intelligent Workplace
        Solutions

      • Secure Workplace

        Work Anywhere

        Endpoint Health

        Identity Health

        Teamwork Support



        VIEW WORKPLACE SOLUTIONS
      • Intelligent Cloud
        Solutions

      • App Factory

        Azure Accelerator

        Azure Launchpad

        Azure Launchpad for DevOps

        Application Health

        Platform Health

        VIEW ClOUD SOLUTIONS
    Close
  • Services
      • Begin your journey towards becoming a digital business with GO, our unique end-to-end framework based on the Microsoft Cloud Adoption Framework.

        GO DIGITAL OPERATING MODEL
      • Intelligent Enterprise

      • Consulting

        We go beyond just technology to help your organization understand how digital can help you uniquely differentiate and better serve your employees and customers.

        VIEW ENTERPRISE SERVICES
      • Intelligent Workplace

        • Identity

          Identity is your new first-line-of-defense. It’s vital to your users and clients that your identity platform is properly configured and secured.

          Endpoint

          Whether your devices are on-premises or remote, personal or business-owned, we can ensure they are properly managed and protected.

          Teamwork

          Today’s workforce is collaborating than ever before.  We can empower your current teams with tomorrow’s progressive technologies.

          VIEW WORKPLACE SERVICES
        • Intelligent Cloud

          • Platform

            The cloud is no longer some future-state. It’s the here and now. Adopting a cloud-first platform is one of the best ways to maintain a future-proofed competitive advantage.

            Applications

            We build cloud-native apps and modernize legacy systems with the power of Azure to give your organization a competitive edge.

            Data

            We can help your organization create secure, scalable data platforms to deliver simpler and more sophisticated insights to your business.

            VIEW CLOUD SERVICES
        Close
      • Client Stories
          • Case Studies

            Browse a comprehensive list of companies who have created successful partnerships and experienced transformative solutions with New Signature.

            View All Case Studies

          • Featured Case Study TalkTalk Modern Workplace

            New Signature worked with TalkTalk to define a new Modern Workplace solution based on Microsoft 365, which kept the user firmly at the center of the transformation.
            View Case Study

          • Testimonials

            We love transforming our customers businesses, take a look at what they have to say about New Signature.

            View Testimonials

          • Featured Testimonial Davis Construction

            With New Signature’s help, Davis was able to take a progressive step forward by migrating their private branch exchange (PBX) phone system to a Voice of Internet Protocol (VoIP) system.
            View Testimonial

        Close
      • Explore
          • Guides & Ebooks

            Dive deeper into education with your team by leveraging our expert-developed guides and eBooks.

            View All Guides & Ebooks

          • Infographics

            Rich with statistics and information, our infographics are great tools for quick but insightful learning.

            View All Infographics
          • Podcast: Office Explorers

            Join Kat and Rob monthly as they chat with New Signature experts and explore the world of O365.

            Listen to Podcasts

          • Videos

            Visit our videos stream to access recorded webinars, service information and to learn more about us.

            WATCH ALL VIDEOS
          • Flyers

            Searching for information about our services? Our flyers are a great takeaway for all those details.

            VIEW ALL FLYERS

          • Featured Stream

            Learn more about the tooling and expertise required to unlock productivity and mobilize your teams.

            MODERN WORKPLACE
        Close
        Close
      Blog

      Security Focused Development with GitHub

      New Signature / Blog / Security Focused Development with GitHub
      November 13, 2020November 18, 2020| Chris Ayers

      As a long-time developer and architect, security is important in everything I do. Having clean code and up-to-date libraries helps, but there are new vulnerabilities every day. One of the main concepts of DevOps is shifting left on things like testing and security. Shifting left means doing things as early in the process as possible to improve quality and security.

      Many people also don’t consider where their code is hosted other than being bundled with other software or supporting git or TFVC. I think that GitHub has changed that discussion completely by incorporating many security and developer-focused features that enables a shift-left mentality. Common maintenance tasks can be automated and every check-in can be scanned for secrets and vulnerabilities. These features are in addition to any quality checks you add to your normal pipelines.

      GitHub also has strong integrations with multiple platforms and systems. GitHub lets me integrate with Azure DevOps for Boards and Pipelines or other systems. This lets me keep my current workflow while upgrading my security and quality.

      Let’s look at three of the features that can Shift Left on Security and help us develop better software.

      Dependabot

      Software is always changing, including our dependencies. Not putting the time or effort into upgrading packages, libraries, and other dependencies can lead to vulnerabilities in our software. Dependabot takes care of that work for you. Dependabot can automatically update packages from npm, nuget, pip, docker and more. Dependabot automatically scans for outdated packages using semantic versioning (semver) to decide if it should update the package or not. If Dependabot finds something that needs updating, it creates a pull request (PR) updating the package reference. The Pull Request includes the changelog of the package, release notes, and sometimes a compatibility score to let you know if updating the package might cause issues. You can verify your tests pass and merge with confidence.

      Enabling Dependabot is as easy as visiting the Security & Analysis section of the settings.

      GitHub

      Secret Scanning

      Anyone with access to a repository that has secrets checked in could use that GitHubinformation to access the services leading to anything from a data breach to out-of-control costs. There used to be stories all over the news about checked-in keys and secrets being used to create VMs and resources for bitcoin mining, causing massive cloud bills or unauthorized access to systems and data. Many of these scenarios are automatically stopped now by catching keys as they go into repositories.

      GitHub automatically scans every public repository for known types of secrets. Every push is scanned for credentials, tokens, secrets or keys from many service providers like Azure, AWS, Google Cloud, npm, nuget and more.

      GitHub has partnered with those service providers to check if the credentials are valid, potentially revoking or reissuing credentials. This is a very common way attackers target organizations and GitHub’s solution helps prevent it.

      Code Scanning

      One of the newest features is Code Scanning and GitHub Advanced Security. This builds GitHubon the amazing work of Semmle and CodeQL. There are thousands of CodeQL queries written by GitHub and security researchers identifying CVEs (Common Vulnerabilities and Exposures) and other security issues. Code Scanning works by scanning your code with CodeQL, where your code is treated like data. CodeQL can identify security issues including variants across your codebase. Code Scanning integrates with GitHub Actions to ensure that every check-in is safe.

      Code scanning is free for public repositories. For private repositories, code scanning is available to GitHub Enterprise through Advanced Security. To enable Code Scanning, go to the Security tab of the repository. Here you can click Set up code scanning and create a workflow that scans your code.

      GitHub

       

      The three capabilities I discussed are a small slice of the security focus GitHub brings to development. DevSecOps, adding a Security focus to DevOps, is gaining a lot of traction and attention. In addition to securing your code and repositories, you should secure your pipelines and environments. The Microsoft Business Group has helped many organizations setup GitHub, migrate code and pipelines, and leverage GitHub Actions to build and deploy their code. We have the expertise that can help your migration or DevSecOps efforts successful. Contact us today to help improve your Software Deliver Performance.

      About the Author
      Chris Ayers is the Regional Lead for the Intelligent Cloud practice. Chris focuses on both Azure and DevOps. His goal is deliver value to end users faster, develop features more quickly, with higher quality, and more confidence. Chris has been developing software of some kind since second grade. Chris always tried to learn and share industry best practices around software development, software architecture, and agile practices. Chris enjoys spending time with family, playing video games, playing board games, reading, mentoring others, blogging, and public speaking.

      Categories
      Technical Reviews
      Contact New Signature

      Blog Posts

      • Agile Delivery for Large Scale Data Ingestion using Azure Data Explorer
      • Implementing Cloud Adoption Framework Across Vida Homeloan’s Organization
      • Cognizant Microsoft Business Group Achieves Microsoft Advanced Specialization for Windows Virtual Desktop
      • Cognizant’s Experience Lab for Continuous Testing with Azure

      Managed Services

      Lorem ipsum dolor sit amet, consectetur adipiscing elit. Praesent fermentum, enim ac dignissim aliquet

      VIEW ALL MANAGED SERVICES

      Professional Services

      Lorem ipsum dolor sit amet, consectetur adipiscing elit. Praesent fermentum, enim ac dignissim aliquet

      VIEW ALL PROFESSIONAL SERVICES

      New Signature

      About

      • Company
      • Awards
      • News
      • Leadership
      • Partners
      • Industries

      Solutions

      • Intelligent Enterprise Solutions
      • Intelligent Workplace Solutions
      • Intelligent Cloud Solutions

      Services

      • GO
      • Intelligent Enterprise
      • Intelligent Workplace
      • Intelligent Cloud

      Client Stories

      • Client Stories
      • Testimonials

      Explore

      • Guides & Ebooks
      • Podcasts
      • Flyers
      • Infographics
      • Videos
      Copyright © 2023 New Signature
      • Blog
      • Events
      • Careers
      • Help
      • Anti Slavery
      • Privacy Policy
      • Contact
      • About
        • Company
        • Awards
        • News
        • Leadership
        • Partners
        • Industries
      • Services
        • GO
        • Intelligent Enterprise
        • Intelligent Workplace
        • Intelligent Cloud
      • Client Stories
        • Case Studies
        • Testimonials
      • Technologies
      • Explore
        • Guides & Ebooks
        • Infographics
        • Podcast: Office Explorers
        • Videos
        • Flyers
      • Blog
      • Events
      • Careers
      • Contact
      • Search
      Cookie Settings
      New Signature uses "Required Cookies" to run our website, "Functional Cookies" used by third parties to personalise marketing, including social media features.

      Change your preferences by clicking the “Cookie Settings” link at the bottom of every page. Learn more about cookies in our Cookie Policy and our Privacy Policy. By clicking the “Accept Cookies” button below, you consent to our use of cookies.

      Please note that “Required Cookies” will be set regardless of your consent.
      Cookie SettingsAccept Cookies
      Privacy & Cookies Policy

      Privacy Overview

      This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
      Targeting

      Targeting Cookies are used to capture user information in order for New Signature to deliver better user experiences.

      Performance

      Performance Cookies provide Content Delivery Network assets that deliver faster site content delivery capabilities.

      Required

      These cookies are required mainly in order to deliver Multilanguage site capabilities.

      Functional

      Functional Cookies allow us to provided advanced media capabilities including videos, surveys and other multimedia capabilities.

      Disabling Functional cookies will block the playing of videos and other multimedia site components.

      Save & Accept