MindByte Issue #85: Level Up: Copilot Extensions, Autofix, and API Mastery

Welcome back, and for all the new subscribers, welcome aboard!

To ensure you keep getting these updates seamlessly, please move this email to your primary inbox or mark it as important. A quick reply like "got it" also helps boost visibility. This edition covers exciting topics such as:

  • Sign up for Copilot Chat Extensions

  • Autofix vulnerabilities and workflow assistance

  • Safeguard your artifacts

  • What are REST APIs, really?

  • Improve your Xunit testing strategies

New here? Subscribe to stay updated. Let's dive in.


GitHub Digest

Are you using the Copilot Chat functionality and wish you could interact with third-party components? Then GitHub Copilot Extensions can be an exciting solution.

You can find the extensions on the marketplace, where they can be installed to one or more repositories and given access to Copilot Chat.

Once installed, just mention the extension using its name prefixed with an @ character. So when you have installed the Docker extension, you invoke it by mentioning @docker and get specific help on Docker-related questions.

So sign up quickly for the waitlist so you can explore Extensions in Copilot as well!

It is good practice to scan for security vulnerabilities, and there are all kinds of tools available to help you with this. But what do you do when these tools detect a potential vulnerability in your code?

Most developers will have trouble creating a solution or at least take too much time to come up with one.

With Copilot Autofix, GitHub tries to directly suggest a code fix for a vulnerability it found. It also explains why the code has the issue and allows you to accept the code fix.

This helps teams act faster on found vulnerabilities and is a great example of shift-left practices when developing new code, but it also works on existing code when it is scanned by the GHAS code scanner.

All GitHub Advanced Security customers have access to this feature and, in September, it will also be available for public repositories.

Want to know what is happening at GitHub in Q3, like upcoming Copilot features, AI solutions, or other roadmap items? Then have a look at their latest webinar recording.

Another security vulnerability, this time in artifacts, which are used to share data between workflow jobs. It appears there is a token in the workflow artifact store that can be retrieved during workflow execution (or even 6 hours after) and used to get access to sensitive data.

This applies mostly to public repositories, but make sure you start using version 4 of the GitHub artifact actions.
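A quick way to check a workflow file against that advice, as an added example (not code from this newsletter or from GitHub): it reports every `actions/upload-artifact` and `actions/download-artifact` reference and whether its tag is below version 4. The function names and the sample workflow are constructed for illustration; references pinned to a commit SHA or branch are reported as `unknown` because the major version is not visible in the file.

```python
import re

# Matches "uses: actions/upload-artifact@<ref>" (or download-artifact), with an
# optional leading "- " and optional quotes. Commented-out lines never match.
USES_RE = re.compile(
    r"""^\s*(?:-\s*)?uses:\s*['"]?actions/(upload|download)-artifact@([^\s'"#]+)"""
)
MIN_MAJOR = 4  # the version the text above says to move to

def classify(ref):
    """Return 'ok', 'outdated' or 'unknown' for a ref such as v3, v4.1.0 or a SHA."""
    m = re.fullmatch(r"v?(\d+)(?:\.\d+){0,2}", ref)
    if not m:
        return "unknown"  # commit SHA or branch name: review by hand
    return "ok" if int(m.group(1)) >= MIN_MAJOR else "outdated"

def audit_workflow(text):
    """Return (line_no, action, ref, status) for every artifact action reference."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m:
            action, ref = f"{m.group(1)}-artifact", m.group(2)
            findings.append((no, action, ref, classify(ref)))
    return findings

# Constructed sample workflow, not taken from any real repository.
SAMPLE = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/upload-artifact@v3  # old major version
        with:
          name: site
      # - uses: actions/upload-artifact@v2
  deploy:
    steps:
      - uses: actions/download-artifact@v4.1.0
      - name: pinned
        uses: actions/upload-artifact@0123456789abcdef0123456789abcdef01234567
"""

if __name__ == "__main__":
    for no, action, ref, status in audit_workflow(SAMPLE):
        print(f"line {no}: {action}@{ref} -> {status}")
```

To audit a repository, pass the contents of each file under `.github/workflows/` to `audit_workflow` and fail the check when any finding is `outdated`.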

A new preview feature for Copilot Enterprise users will help you with workflow issues. When your build is not working or you want more information about the actions used, then the updated Copilot can help you with this as well now.

This is a beta feature that you can opt in to, and you need to have a Copilot Enterprise license.

Coding Corner

So many times I see people talking about their REST services while not really knowing what REST is. And most of the time, they forget the HATEOAS part, which brings the REST API to level 3.
If this sounds vague and unknown, then read up on it in this excellent Martin Fowler article about the different levels of REST APIs.

Dylan Beattie recorded a great take on this; we should be talking about HTTP APIs instead, or maybe we should not care too much…?

Although not directly coding, this is related to it: when do you standardise and when do you allow for autonomy?

There are certainly places where some sort of standardization is needed, but allowing people to organize their own work has value as well.

The article describes when it is best to standardise, and what is better left to individuals.

.NET Nook

I wrote about Aspire before, and most of the mentioned articles assume you start fresh and use the Aspire templates. But what if you already have a dotnet project and you want to add Aspire to it?

Jon Galloway gives you step-by-step instructions on how to add the various components to your application.

When you write unit tests with Xunit, you use either the Fact or the Theory attribute. Fact marks a parameterless test, while Theory offers different mechanisms to add input data, so you can run your test with different combinations.

But you still need to supply those values, which is no longer needed with the Xunit.Combinatorial solution. Andrew Lock shows the benefits (and drawbacks) of this solution for reducing the number of test cases you have to write.

Closing Thoughts

Thank you for reading this week’s edition!

Your feedback is invaluable, so if you have any thoughts, questions, or suggestions, please don't hesitate to reach out by simply replying to this mail.

If you enjoyed this update and want to continue receiving more, make sure to subscribe here.

I appreciate your time and look forward to hearing from you!
