Microsoft One Engineering System (1ES) team shares a sample for building Ready-To-Code Dev Box environments pre-configured with the necessary tools, repositories, and settings, ensuring consistency and reliability across teams. The post Dev Box Ready-To-Code Dev Box images template appeared first on Engineering@Microsoft.
#1es
18 posts
11 Dec 2024
25 Sept 2024
In April 2021, GitHub announced changes to their security token format that significantly enhanced security. The improvement leveraged two straightforward techniques: a fixed signature in the generated token and a checksum – both of which are highly effective in eliminating false positives (noise) and false negatives (missed findings). Microsoft also implements these techniques widely in […] The post Common annotated…
24 Aug 2023
What do you keep in your Git repos? Source code for your production applications certainly, but you probably also keep a fair amount of experimental and “hackathon” code. Maybe you keep your documentation in Git. Maybe, like the District of Columbia does, you even keep legal documents there. So which of these are the most […] The post Your Most…
23 May 2023
We’re in an exciting time for technology. But to take advantage of the opportunities, it’s critical for developers to have access to the tools and resources that can help them stay productive and do their best work. At Microsoft, we’re migrating many of our developers to highly productive… The post Microsoft Dev Box for Microsoft engineers appeared first on Engineering@Microsoft.
22 May 2023
A secure software supply chain represents another facet of Microsoft's built-in security to enhance and maintain trust in our products. It’s a continuation of the journey we embarked upon since the launch of Security Development Lifecycle (SDL) in 2004 and represents our commitment to continually enhance Microsoft’s foundational security. The post The Journey to Secure the Software Supply Chain at…
15 Mar 2023
The Accessibility Insights team recently fixed a bug in our Windows Presentation Foundation (WPF) app where checkboxes in a WPF tree view were not properly reporting their checked or unchecked state to adaptive technologies such as screen readers. This longstanding issue created a sub-par accessible experience in Accessibility Insights for Windows, our Windows app introduced […] The post Implementing an…
15 Dec 2022
Learnings from migrating Accessibility Insights for Web to Chrome’s Manifest V3
Engineering at MicrosoftSince February 2022, the Accessibility Insights team has been migrating Accessibility Insights for Web–our Chrome and Edge extension introduced in Jacqueline's February 14, 2022, post from Manifest V2 (MV2) to Manifest V3 (MV3). We wanted to share learnings and takeaways from our migration journey with a walkthrough… The post Learnings from migrating Accessibility Insights for Web to Chrome’s Manifest V3…
12 Jul 2022
Microsoft open sources its software bill of materials (SBOM) generation tool
Engineering at MicrosoftWe are excited and proud to open source our software bill of materials (SBOM) generation tool. A key requirement of the Executive Order on Improving the Nation’s Cybersecurity, SBOMs are lists of ingredients that make up software components, providing software transparency so organizations have insight into their supply chain dependencies. Our SBOM tool is a […] The post Microsoft open…
14 Feb 2022
In this post, Jacqueline Gibson goes over Accessibility Insights for Web, Microsoft's open-sourced Chrome and Edge extension that helps users find and fix web accessibility issues. The post Accessibility Insights for Web appeared first on Engineering@Microsoft.
1 Feb 2022
Flaky tests are a well-known problem across the industry and Microsoft is no exception. In this post, Suresh Thummalapenta walks us through the team's comprehensive flaky test management system that helps to infer, triage, and quarantine those tests. The post Improving developer productivity via flaky test management appeared first on Engineering@Microsoft.
13 Dec 2021
In this post, John Alkire walks through the features of Accessibility Insights for Windows, which enables users to inspect and test Windows applications to find and fix accessibility issues. The post Accessibility Insights for Windows appeared first on Engineering@Microsoft.
25 Oct 2021
CloudTest: A multi-tenant, scalable, performant and extensible verification service
Engineering at MicrosoftIn this post, Sina Jafari discusses key characteristics of the CloudTest infrastructure used at Microsoft and why similar characteristics should be considered in all large-scale test infrastructures to improve engineers’ productivity and help them ship high-quality software. The post CloudTest: A multi-tenant, scalable, performant and extensible verification service appeared first on Engineering@Microsoft.
13 Oct 2021
In this post, Adrian Diglio walks us through how Microsoft is planning to generate SBOMs not just to meet the U.S. Presidential Executive Order on Improving the Nation's Cybersecurity, but for all software that Microsoft produces. The post Generating Software Bills of Materials (SBOMs) with SPDX at Microsoft appeared first on Engineering@Microsoft.
27 Sept 2021
In this post, Michael Fanning gives us a short history on standards (think Julius Caesar), how consensus on something very small can enable something very large, and how all of it relates to the design of the ‘Static Analysis Results Interchange Format’ (SARIF). The post Caesar, standards, and SAST: The road to SARIF appeared first on Engineering@Microsoft.
16 Sept 2021
The faster we iterate on refining secure development practices, the faster our developers can address security pain points, and the better we protect our customers. In this post, Bryan Sullivan walks through key learnings from the 1ES Security team. The post You can’t have security for DevOps until you have DevOps for security appeared first on Engineering@Microsoft.
19 Jul 2021
We believe that we can only solve the problem of inaccessible software by shifting accessibility left into the software design and development cycle. In this post, Mark Reay describes how our open-source offering, Accessibility Insights, can help. The post Shifting accessibility left with Accessibility Insights appeared first on Engineering@Microsoft.
6 Jul 2021
If a security tool catches a critical vulnerability, but also reports 99 other findings that turn out to be false positives, developers are going to ignore everything that the tool reports and then miss the important issues. Bryan Sullivan talks through how you can hone your tooling to separate the signal from the noise. The post Separating the signal from…
Microsoft has over 100,000 software engineers working on software projects of all sizes. Keeping those engineering teams productive while meeting their ever-increasing scale demands is a big challenge. Read about the One Engineering System (1ES) initiative in this inaugural post on the Engineering@Microsoft blog. The post Welcome to the Engineering@Microsoft Blog appeared first on Engineering@Microsoft.