Secret scanning? Check. Dependency Management? Check. Static Code Analysis? Check. You manage your secure software development platform, right?

Defensive programming, risk profiles, supply chain management, bill of materials - these (and many more) are topics we must talk about in 2025 when it comes to our engineering practices. A staggering amount of projects still lack these and are vulnerable to security threats even with all the best intentions.

Any organisation is highly likely that you either have a mash-up of tools making up your development platform, or you are shortly going to look at one, because you know how important it is. It is however quite tricky to get right and there are a number of pitfalls in successfully setting up one, given the lack of standard offerings.

Microsoft has a surprisingly clear offer for these needs: GitHub Advanced Security and Defender for DevOps. Let's see how to put them in practice and ensure a safe development experience.