Imagine you have a Function App that has multiple Functions deployed. It's a common scenario, and depending on how you've built the architecture for the solution, it can come in handy to use Dependency Injection to instantiate a service once when the Function App (host) starts up, and re-use that object across all executions of your Functions inside this Function App. To paint a picture of what this means, I can refer to one of my spare-time project scenarios. I have a Function App on a premium tier with 8 Functions that are a mix between Timer Triggers and Queue…
Best Practices for security in Azure Container Registries is a list of real-world experiences in strengthening your security posture.…
While threats are ever-increasing, so are the capabilities, methodologies, and technologies we have at our disposal to mitigate risks at a higher cadence than ever before. In this article, I'll talk about the responsibility we have as developers, solution architects, DevOps engineers, and anyone else involved in your teams. Security is a team effort, and everyone needs to get on board on what processes and rules to follow. Today we can automate a lot of the things we do for code quality and security, so the road to increasing the security posture doesn't have to be a long one. Regardless…
I have a lot of Azure Functions. Most of them are running on v2 with support for .NET Core 2.2 and netstandard2.0. During the upgrade process of my projects, I stumbled onto this several times across different projects: Microsoft.Azure.WebJobs.Host: Cannot bind parameter 'log' to type ILogger. The full message: [2019-12-17 8:10:32 PM] Error indexing method 'ControlApp' [2019-12-17 8:10:32 PM] Microsoft.Azure.WebJobs.Host: Error indexing method 'ControlApp'. Microsoft.Azure.WebJobs.Host: Cannot bind parameter 'log' to type ILogger. Make sure the parameter Type is supported by the binding. If you're using…
Over the years there's been a plethora of API's and approaches to work with artifacts and resources in Azure. In July this year (2019), Microsoft announced the availability of the new Azure SDK API Standards, which is a new set of SDK's in the following languages: Python, Java, JavaScript and .NET. These SDK's are supposed to be a unified approach to building the SDK's, and whatever goes into one API goes into all of them, so there's no disconnect between capabilities in different programming languages. Now that some Azure services have matured and been adopted into business-critical enterprise applications, we…
When working with Azure DevOps (or locally sometimes with Visual Studio), depending on what versions of the SDK you've got on your machines (local, or build agent), you may get the following error if there's a mismatch: Unable to locate the .NET Core SDK. Check that it is installed and that the version specified in global.json (if any) matches the installed version. A related error message that I also see regularly together with the one above is: error MSB4236: The SDK 'Microsoft.NET.Sdk.Web' specified could not be found. I've stumbled onto this when the defined version of…
Azure Functions are usually tied to an Azure Storage Account by using App Settings. Unfortunately, when launching a new Function App project in Visual Studio, or watching demos and examples online, the connection string usually is in App Settings in plain text. In this post I'm sharing a quick tip on how to protect sensitive configuration values in App Settings by using Secrets from a Key Vault, and you can even reference the default Storage Account connection string this way, completely avoiding any type of sensitive data in App Settings, from scratch. Microsoft have some good documentation (links in the…
This post is about increasing automated security posture with Azure DevOps by using the "Microsoft Security Code Analysis extension", which is a set of tasks that helps implement security analysis of your files and code in your pipelines. Microsoft have done an amazing job with making this extension available, so we can make use of automated build tasks to check for some commonly encountered security issues. Follow me in this article to explore how we make use of the Azure DevOps extension for Microsoft Security Code Analysis, which includes these build tasks to help us: Credential Scanner (CredScan)BinSkimTSLintRoslyn AnalyzersMicrosoft…