MindByte Issue #114: GitHub Security, Azure Innovations & Smarter .NET Monitoring


Welcome back, tech enthusiasts! 🚀

This week’s edition is packed with GitHub security insights, Azure innovations, and practical .NET updates. From GitHub Actions security incidents to optimizing cloud costs with FinOps, there’s plenty to explore.

Before we dive in, a quick heads-up: Next week, I’ll be at the Microsoft MVP Summit, so there won’t be a newsletter. Due to jet lag, the week after is also uncertain—but I’ll be back soon with fresh insights!

Here’s what’s in store this week:

• 🔐 GitHub Actions security risks & the end of long-lived PATs

• 💡 Why great documentation is essential for developers

• 🚀 How Microsoft Copilot scales using Azure CosmosDB

• 🏗️ Adding user login to Azure apps with just Bicep

• ⚡ Monitoring .NET apps with Grafana & optimizing FinOps in Azure

With so much happening in the cloud and developer ecosystem, let’s dive in!


GitHub Digest

My colleague Rob Bos, an MVP and GitHub Star, knows his stuff about GitHub Security, particularly about GitHub Actions. Recently, there was a security incident, and he wrote down his thoughts in this LinkedIn Pulse article:

Personal Access Tokens are pretty handy: with just a long string, you get access to whatever you want. Unfortunately, when someone else has that PAT as well, they can do the same.

Short-lived tokens are a more secure alternative; see how you can apply those in your workflows.

Traditionally, you needed to buy GitHub Advanced Security as one complete add-on to your enterprise plan. That would give you all the components like secret scanning, dependency management, and code scanning.

Next month, there will be a license change, allowing you to buy secret scanning and code scanning separately. Read more to see how you can benefit from this change.

Coding Corner

Do not underestimate the need for documentation. The more easily a developer can get started with their tasks, the cheaper the operation will be.

Azure Updates & Insights

Did you know that MS Copilot is using Azure CosmosDB for its storage needs? Find out how they use this database to scale out to millions of users.

Bicep (and ARM) are mostly used for the management plane: you can instruct them to provision resources, but not to access the data plane. For that, you need a system like Terraform. For example, you can deploy a database, but not do anything with that database, like creating a user.

That is changing with the Graph extension, which gives you programmatic access to Entra ID. See how that works when you want to add a user login to your app using Bicep only.

The FinOps toolkit is a collection of tools, processes and Power BI dashboards to help you in the Azure FinOps world. Version 0.8 was released recently, so find out what is new.

.NET Nook

Want a simple way to get metrics from your app and show them in Grafana? Using a Docker container, it is relatively easy to connect the two.

First, don’t use SMS authentication, as it is no longer secure. That aside, it is a good example of how to extend the ASP.NET Core Identity system.

Closing Thoughts

Thank you for reading this week’s edition!

Your feedback is invaluable, so if you have any thoughts, questions, or suggestions, please don't hesitate to reach out by simply replying to this mail.

If you enjoyed this update and want to continue receiving more, make sure to subscribe here.

I appreciate your time and look forward to hearing from you!
