Securing DNS isn’t necessarily enough to protect your CI/CD environments. An application can connect directly to an IP or talk to an outside DNS service. In this post you’ll learn use iptables and ip6tables to restrict outbound DNS and block common DNS-over-HTTPS providers on GitHub-hosted runners.

Lately I’ve seen people spin up self-hosted runners just to lock down network egress. That creates maintenance overhead – and your time is valuable. You may not realize this, but you can restrict outbound domains while still using GitHub-hosted runners. In this post you’ll learn how to use a local Unbound allowlist so only approved domains resolve.

Need to authenticate with different Git repositories using various credentials? This post explores how to dynamically authenticate with Git using credential helpers, environment variables, and secret management systems.

Ever wondered how Git actually authenticates with remote repositories? Ever needed to configure different credentials to access different repositories? This article dives into the inner workings of Git authentication, exploring the role of credential helpers, how they are implemented, and how to customize them for your needs.

In this post, we’ll continue the exploration of Gitsign by extracting some of the attestation data from a signed commit and using it to check how the code was built. This will help you understand how you can use the attestation data in your workflows.

Worried about securing your source code supply chain for GitOps and other processes? Learn how to implement automated signing in CI/CD pipelines, verify commit authenticity using transparency logs, and leverage GitHub OIDC tokens with Gitsign for keyless commit signing.

Every journey begins with a first step. Learn how eliminating data leaks and implementing privacy controls led my wife and I to build a smarter home.

So many times, teams use “it should work” as the reason why their software or processes don’t require testing. For example, the code is so simple, it should work. Or, the code was tested on Linux, so it should work on Windows. In reality, this can be dangerous at best … and fatal at worst.

The world of software development is changing rapidly. With Google’s latest announcement, part of how we deploy systems is getting ready to change for the better for nearly half of all companies. Are your teams ready for the challenge?

Ever needed to automate creating an Azure Entra ID (Azure Active Directory) application and federating it with GitHub? With just a little PowerShell, you can!