On the 15th of September, 2025, Sonar finally released the long-awaited Software Composition Analysis (SCA) to SonarQube Advanced Security for SonarQube Cloud! Software Composition Analysis (SCA) is an ideally automated process that analyzes software codebases to identify or detect embedded open-source software/components. The identified/detected dependencies form the basis for the following features that SCA tools typically offer. Detection of known security vulnerabilities based on data from…

Configuring a custom domain for an Azure App Service including a App Service Managed Certificate is the kind of task where I constantly have to look up the details. For this reason, and because a colleague asked me to blog about it, I decided to briefly document the process here.

The author aimed to enable Defender for Storage on a dedicated storage account using Terraform, updating the existing configuration. Although the Terraform apply succeeded, the feature was not enabled. After research, the issue was resolved by adjusting user roles, allowing a subsequent Terraform apply to produce the desired outcome.

Hello Berner .NET friends The e-ID was approved by a narrow majority in the referendum. Let's take this opportunity to look at security and the integration of e-ID into ou

Hello Berner .NET friends The e-ID was approved by a narrow majority in the referendum. Let's take this opportunity to look at security and the integration of e-ID into ou

Learn more about how 'dotnet test' works and its support for VSTest and Microsoft.Testing.Platform (MTP)

While preparing my session for DWX 2025, in which I demonstrated a simple use case for Azure DevOps MCP Server (creating a user story from within the IDE), I came up with some other interesting use cases for the daily work of a developer. Now that I have tested them, I will outline the use cases I have discovered in this blog post.

This blog post describes how to automate the upload of files to an Azure storage account using Terraform.

In my work as a software developer, I have already been involved in numerous existing .NET software projects. Nearly all of these existing code bases had at least one thing in common: application configuration was not obvious. But why? Especially in the .NET ecosystem everything required to make it obvious is there. In this blog post I share my personal best practice to counteract this situation.

While testing the local Azure DevOps MCP Server public preview, TF400813 error occurred due to wrongly selected default Azure subscription. Re-running az login to and selecting the correct subscription resolved the problem, allowing the server to function properly.

This blog post shows how an ASP.NET Core Identity application can integrate and implement multiple external identity providers. An OIDC client UI uses the solution and is implemented using Duende I…

This week, I tested Office 365 SMTP credentials using PowerShell. I created a script that defines sender and receiver email addresses, subject, and message, and sets up an SMTP client with secure credentials. The server is smtp.office365.com, using SSL on port 587 to send the email successfully.

At the heart of Aspire is a resource model. It defines the shape of your application — its services, dependencies, configuration, and how…

The content describes a process for creating a git tag in Azure DevOps after each production deployment, using the assembly version from a .NET project. It outlines a pipeline job that retrieves the version, formats it, then creates and pushes a git tag, requiring specific permissions for the build service user.