It has been 2.5 years from my last in person event, what a pleasure it was to see an email arrive with an invite to attend Microsoft Build UK in person event! What a totally epic event it was, met a lot of people who I have spoke to online but didn’t have the chance to meet!
I’ve wrote a quick blog of the day, sessions attended and some key announcements & points of interest.
Sessions I checked out
1. Design, develop, deploy and run secure applications with GitHub
DevSecOps – always an interest point and discussion with any DevOps journey, the use and practices of DevOps from a Security perspective!
Security practices should be automated and baked into DevOps in a pervasive manner.
Shifting lifting… I really recommend this being attempted, as soon as possible! Preferable at the start of the DevOps journey – if not.. Still asap! Introduce security into the dev lifecycle. So many options available and areas to look at, with GitHubs advanced security capabilities, that include:
- GitHub Code Scanning https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning
Code scanning is a feature that you use to analyze the code in a GitHub repository to find security vulnerabilities and coding errors. Any problems identified by the analysis are shown in GitHub.”
You can use code scanning to find, triage and prioritise all those fixes, finishing with some quality alerts to assist you and your security development – awesome!
- CodeQL https://codeql.github.com
A pretty cool analysis engine that allows you to discover potential vulnerabilities across your codebase using an industry leading semantic code engine.
Write a query to find all variants of a vulnerability, eradicating it forever.
There are two main ways to use CodeQL analysis for code scanning:
- Add the CodeQL workflow to your repository. This uses the github/codeql-action to run the CodeQL CLI. For more information, see “Setting up code scanning for a repository.”
- Run the CodeQL CLI directly in an external CI system and upload the results to GitHub. For more information, see “About CodeQL code scanning in your CI system .”
- GitHub Secret Scanning https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning
Receive automatic notifications of any potential secrets or API tokens that have been commited! GitHub scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally.
- GitHub Dependency review (https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review)
Imaging the ability to catch vulnerabilities before you introduce them to your codebase? You can with GitHub dependency review!
- GitHub Security Overview (https://docs.github.com/en/code-security/security-overview/about-the-security-overview)
Liking the previous GitHub features? Lets finish with GitHub security overview, a single pane of glass for all things Security, check it out 🙂
2. Introducing F5 NGINX for Azure: An Azure Native SaaS Solution for Modern App Delivery
An announcement from Microsoft Build was introducing F5 Nginx for Azure – Load Balancing (https://www.nginx.com/blog/introducing-f5-nginx-for-azure-load-balancing-available-natively-as-saas-offering-on-microsoft-azure/)
Having used Nginx on a number of projects, it was great to see a demo of this in use!
Out of the box, it works really well with a number of features and considerations:
- Nginx deployments can become complex, this helps to reduce complexity – having another PaaS service in your environment, no need to worry about any IaaS considerations such as patching!
- Lift and shift your Nginx configurations to the cloud, functionality available to make it a lot more easier to lift and shift!
- Adavanced features include native GitHub CI/CD workflows for creating and updating your configurations!
- Azure monitor metrics available
3. Containers with Azure Container Apps and GitHub Actions
Another HUGE announcement was that Azure Container Apps are now GA!! (https://azure.microsoft.com/en-us/services/container-apps/)
What is container apps? A snippet direct from Azure:
Deploy containerized apps without managing complex infrastructure. Write code using your preferred programming language or framework, and build microservices with full support for Distributed Application Runtime (Dapr). Scale dynamically based on HTTP traffic or events powered by Kubernetes Event-Driven Autoscaling (KEDA).
- Flexibility ofg writing code using your own language and framework
- Awesome autoscaling capabilities which can be based on the standard HTTP traffic and even event triggers!
- Ci/CD workflows
I’ve written a blog post in this area which I recommend you checking them out: Deploy to Azure Container App from Azure Container Registry using a CI/CD Azure DevOps Pipeline and Azure CLI
4. Embracing Collaborative fusion development to build better applications faster
A really interesting session, kicking off with multiple references to low-code/no-code solutions and the current problem there is, software developer supply is failing behind demand!
What can be done to assist with this? Fusion Development!
You may be wondering, what is Fusion Development? It is the union of Pro Developers and Low Code Developers do:
- Build applications faster
- Reduce backlog
- Close the App Gap Challenge
- Create an innovation ecosystem
5. Cloud Native and App Modernisation
Two huge interests of mine, Cloud Native and modernisation of Apps! Azure really does cater for both, so so well!
Cloud native applications are built from the earth up—optimised for cloud scale and performance. They’re based on microservices architectures, use managed services, and take advantage of continuous delivery to achieve reliability and faster time to market.
Check out further on Azure Cloud Native
Introduction to Cloud Native Applications
Modernize your applications and data to accelerate time to market and deliver new experiences. Achieve greater agility and scale with built-in security and high availability.
Additional resources I suggest you review
Resources I suggest you to review:
Azure Security Documentation
Microsoft UK Developer Hub
Microsoft UK Community Map
Microsoft Build Book of News
The end of another great event!
Was an awesome event, really enjoyed the sessions and chatting to so many that I’ve met virtually over the past couple of years!
Great sessions, great people – what a day!