Ken Muse
Preventing GitHub Actions Injection Attacks
If you can code it, someone will find a way to exploit it ( accidentally or intentionally). Anytime development efforts are involved, it’s important to minimize security risks and bugs. This is also true with GitHub Actions, which allows you to script advanced automation solutions. Because of this, it’s important to understand where injection can occur and how to avoid it.

Read this article

The Life of a Commit After Git Squash
Git has some interesting behaviors built into it. For example, it makes it easy to squash a set of commits into a single commit. This creates a very simple history. But what happens if that history that you’re eliminating has a tag applied to it? Does that tag get eliminated? Does it point to the newly squashed commit? Today’s article explores what to expect in that situation … and why.

Read this article

Understanding Push Triggers and Branches in GitHub
It can sometimes be challenging to understand how branches work with the process of triggering Actions workflows in GitHub. Can you have a workflow per-branch? What about child branches? Plan your strategy with confidence by learning when the Actions workflow will run.

Read this article

Modeling the Hidden Costs of Development
In the last post, we explored the expensive nature of technical debt and bad development practices. Today, we look at how to create financial models that help you to understand your actual costs.

Read this article

The Hidden Costs of Bad Development Practices
Bad development practices create debt. The interest on that debt can literally make or break a company, and nobody is immune. With Internet Explorer becoming the latest casualty, it’s a good time to explore the problem.

Read this article