Posts

Setting Up Dependency-Track on Azure Container Apps

In my previous post, I introduced Dependency-Track and explained why we chose it to manage our software supply chain security. Now it's time to get practical. In this post, I'll walk you through how we deployed Dependency-Track on Azure Container Apps, including our architecture decisions, configuration choices, and lessons learned along the way. Why Azure Container Apps? Before diving into the setup, let me explain why we chose Azure Container Apps for hosting Dependency-Track. We evaluated several deployment options, including Azure Kubernetes Service (AKS), Azure Container Instances (ACI), and App Service, but Container Apps emerged as the best fit for our needs: Simplified Management: Container Apps abstracts away much of the complexity of Kubernetes while still providing container orchestration capabilities. We don't need to manage nodes, clusters, or complex networking configurations. Cost-Effective: With built-in autoscaling and the ability to scale to zero...
Recent posts

Dependency-Track: Taking control of our software supply chain

Modern software development relies heavily on third-party dependencies. Whether you're building a Java application with Maven, a JavaScript app with npm, a .NET application with NuGet, or a Python service with pip, you're likely incorporating dozens—if not hundreds—of external libraries into your codebase. While this approach accelerates development, it also introduces significant security and compliance risks that many organizations struggle to manage effectively. This is the first post in a three-part series about how we evolved from OWASP Dependency Checker to Dependency-Track to gain visibility and control over our software supply chain. In this post, I'll introduce what Dependency-Track is and explain why we decided to adopt it. What is Dependency-Track? Dependency-Track is an open-source Component Analysis platform that helps organizations identify and reduce risk in their software supply chain. At its core, it's a continuous monitoring solution that ingest...

Avoiding truncation errors in Microsoft Fabric Data Warehouse: Understanding UTF‑8, collations, and column lengths

Loading data into a Microsoft Fabric Data Warehouse can feel effortless—until it suddenly isn’t. Being a total MS Fabric noob, I found that the following error message caused some confusion and brought me on a learning journey I’d like to share: String or binary data would be truncated while reading column of type 'VARCHAR(255)'. Turns out that if you’re working with Parquet files, multilingual data, or Copy Into pipelines, this error can appear even when the source column seems to match the target column. In this post, I’ll walk through why this happens, why collation changes alone don’t fix it, and what you can do to avoid it. The scenario I was loading data from an on-premises data source through a data gateway into a Fabric Data Warehouse table. The target column is defined as: NAME_LB VARCHAR(255) To give you a hint already, the source column contains values like: RÖ The column lengths match. I even switched the collation to a UTF‑8 compatible one: COLLATE Latin1_General_...

Background agents in GitHub Copilot

A while ago I blogged about how we could set up our own multi-agent workflow by using Git worktrees. With Git worktrees you can set up a branch as a separate folder. If you combine this with the GitHub Copilot CLI you could have multiple agents all working simultaneously on multiple branches while you continue development as well. Although the process I described works quite well, it remained somewhat cumbersome and was not well integrated into the VSCode development experience. Not anymore with background agents… The problem with foreground-only agents By default, the Copilot agent operates in the foreground. When you ask Copilot to refactor a function or write tests, you're essentially blocked until the task completes. Your editor is locked into that conversation, that context, that task. This works fine for quick queries, but what about: Running comprehensive test suites while you continue development Refactoring an entire module while you work on a new featu...

Automate your full development process with handoffs

GitHub Copilot gives you the option to create your own agents (previously called chat modes). Such a custom agent can pick up specific tasks and take on a role inside the development process, e.g. a code reviewer, a tester, an architect, ... Custom agents are defined in an .agent.md Markdown file and consist of the following elements: A name A description An (optional) model A set of tools that the agent can use And of course, a prompt Remark: For the full list of elements, have a look at the documentation here. Here is an example from the Awesome Copilot GitHub repo: Handoffs With the latest VSCode update an extra element was introduced: handoffs. Handoffs allow you to create sequential workflows where, after one agent has completed its job, it can hand over the work to another agent. This handoff can happen automatically or through handoff buttons that let you choose how to continue. Let’s create an example: First I create 2 agents ...

Why you can't have a ‘work self’ and a ‘home self’

There's a question that comes up in nearly every leadership workshop, every team development session, every coaching conversation about authenticity: Should I be thinking about my professional values or my personal values? It's an understandable question. We've been conditioned to believe in compartmentalization—that we can be one person at work and another at home, that we can hold one set of principles in the boardroom and a different set at the dinner table. But here's what Brené Brown names so clearly in Dare to Lead: We have only one set of values. Me and the other me The idea that we might have separate value systems for different areas of our lives is appealing. It would make things so much easier, wouldn't it? We could be competitive at work but collaborative at home. We could prioritize results over relations in business but reverse that in our personal relationships. Except that's not how integrity works. That's not how we work. ...

Gain insights in your software supply chain using GitHub’s Dependency Graph

The recent software supply chain attacks prove again that having insight into your own project dependencies is crucial. This is where GitHub's dependency graph can help. It maps every direct and transitive dependency in your project, giving you the visibility you need to understand, secure, and manage your software supply chain. What is the Dependency Graph? The dependency graph is a summary of the manifest and lock files stored in a repository, showing which packages depend on what, helping you identify risks, prioritize security fixes, and keep track of your project's true footprint. For each repository, the dependency graph shows: Dependencies: The ecosystems and packages your project relies on Version information: What versions you're using License details: The licensing terms of your dependencies Vulnerability status: Whether any dependencies have known security issues Transitive paths: For ecosystems that support it, you can see the entire ch...