Overview I realized that there wasn’t any content of me speaking on the internet, just blogging, so I thought I would at least create one! This is a video I created to explain the features of GitH...

A Lap Around GitHub Advanced Security (30m Video)

Configure GitHub Dependabot to Keep Actions Up to Date
Overview You probably know that Dependabot can be used to update your packages, such as NPM or NuGet, but did you also know you can use it to keep Actions up to date in your GitHub Actions Workflo...

My macOS Development Environment: iTerm2, oh-my-zsh, and VS Code
Overview A new team member had just joined my team at GitHub and it was their first time using macOS as the primary work machine. They had asked if I had any tips on setting up your local developm...

Configure actions-runner-controller without cert-manager
Overview actions-runner-controller is a great way to set up self-scaling GitHub runners in a Kubernetes cluster. This allows teams to scale up their self-hosted runners as more jobs are queued thr...
Delete GitHub Branch Protection Rules Programmatically
Overview After a migration, or maybe when doing cleanup, you may want to delete branch protection rules in bulk. Instead of having to click through each branch protection rule individually, I wrot...

GitHub: Block Pull Requests if a Vulnerable Dependency is Added
Overview GitHub has added a new Dependency Review action to help keep vulnerable dependencies out of your repository! One of the complaints with the way Dependabot Security Alerts works in GitHub ...
How to use gh auth login CLI Programmatically in GitHub Actions
Overview Quick post here since I have to search for this every time I try to use the gh cli in GitHub Actions. In order to use the gh cli, you typically have to run gh auth login to authenticate. ...
Migrate Azure DevOps Work Items to GitHub Issues
Overview Quick post since most of this is in the README in the repo, but I created a Powershell script to migrate Azure DevOps work items to GitHub Issues. It’s certainly not perfect, but there wa...

Use Dependabot in GitHub with Azure Artifacts
Overview If you have heavy investment in Azure Artifacts, it can be hard to fully transition to GitHub Packages. However, there is a bit of a transition. In GitHub, while you can see a list of pac...
Ignore Files in GitHub CodeQL Analysis
Overview I was recently working with a customer and we flipped on the security-and-quality query suite and received a a lot of results, mostly in our tests. We wanted a way to ignore these files f...