Many companies and teams focus on technical security solutions that lock down development and innovation to avoid risk. To protect their systems, they often end up making it harder for developers to do their jobs (and less secure in the process). What if I told you there was a better way? If you start with people and process first, you can create a secure CI/CD pipeline that balances safety and speed.

Securing DNS isn’t necessarily enough to protect your CI/CD environments. An application can connect directly to an IP or talk to an outside DNS service. In this post you’ll learn use iptables and ip6tables to restrict outbound DNS and block common DNS-over-HTTPS providers on GitHub-hosted runners.

Lately I’ve seen people spin up self-hosted runners just to lock down network egress. That creates maintenance overhead – and your time is valuable. You may not realize this, but you can restrict outbound domains while still using GitHub-hosted runners. In this post you’ll learn how to use a local Unbound allowlist so only approved domains resolve.

Managing a cluster of machines that each need to clone a large repository? Wondering how you can make it faster to clone a Git repo on the other side of the world? In this post, you’ll learn how Git’s reference option can dramatically reduce clone times and bandwidth usage. You’ll also learn how Git handles missing objects when your reference is out of date.

Ever tried to publish a JavaScript package to GitHub Packages with Yarn 4 and felt buried in docs that only cover npm or classic Yarn? You end up piecing together modern guidance from half answers. The good news: it’s actually straightforward. Let me walk you through a clean, repeatable setup.

While AI tools like GitHub Copilot are revolutionizing software development, they’re not replacing developers—they’re amplifying them. Learn why companies that think they can eliminate developers are making a costly mistake, and how the smartest organizations are using AI to make their teams faster and more effective than ever. And learn how you and AI will be working together to create even more value.

Ever found yourself stuck mid-feature when a production bug demands immediate attention? What about when a colleague asks if you can take a quick look at some code? We’ve all been there, trying to safely commit incomplete work or juggling stashes so we can switch between Git branches. What if I told you Git has had a solution for over a decade (and that VS Code just added support)? Learn how Git worktrees can reduce your friction!

Ready to finish crafting your CodeQL Actions runner image? Following up on my previous post, it’s time to add Python 2 support to the Docker image. You’ll add to the multistage build, learn how to preserve symbolic links, and learn a trick for unpacking archives without needing to copy the archive into the image first.

Have you struggled with running CodeQL analysis on your own runners? You’re not alone. I figured that it was probably time to tackle this challenge to show you how to build the image, a few advanced Docker tricks, and a way to incorporate the scripts that the Actions team uses to build the official hosted runner VM images.

Buildroot comes with a lot of great features, but what good is a custom image if you can’t add your own binaries? In this post, I’ll show you how to create a custom Buildroot package that uses a pre-compiled binary. I’ll walk you through the steps to create a package for the GitHub CLI, including how to configure it, define its dependencies, and how to install the package into your custom image.