Our blog contains the activity stream of Orchard Dojo: general news, new resources or tutorials are announced here.

Copilot Integration, Last call: Speaker application for Orchard Harvest 2026 - This week in Orchard (01/05/2026)

This week, Mike Alhayek shows how to use Copilot directly inside Orchard Core!

But before that, check out some code where you can see that, starting now, Orchard supports static data migration methods, and suppressions are no longer required for migration steps that don't use instance state.

Welcome the first contribution from Jack Liu, who made the pagination of the List Part configurable to decide whether to show a full pager with page numbers or just the arrows to navigate to the previous and next pages.

Do you know that since 2013, we've been working with Óbuda University in a hands-on way to teach web development? If you are interested in our Orchard Core courses at the university, check out our post on our site!

As we mentioned, we started publishing last year's Harvest recordings to YouTube. Check them out for some inspiration, and don't forget to apply to be a speaker for this year's Harvest by the 5th of May, midnight, anywhere on Earth!

Ready to explore? Let's dive in!

Latest tutorials

Step away from that Node.js
zoltan.lehoczky
How we reduced our app's server-side latency in Azure by 98% while lowering cost by 28%
zoltan.lehoczky

Featured tags

This week in Orchard
Documentation
Announcement
Admin UI
Orchard Harvest
Localization
Workflows
Media Library
Tutorial
Content field
Liquid
Shape
Theme
Role
Recipes
Performance
Permission
Multi-tenancy
Query
Permissions
Orchard Harvest 2025
Orchard Core Nuggets
Security
Dojo Course
Content part
Orchard Core
Development
Widget
Content management
Admin menu
Community resource
Caching
Training
Module
Resource manifest
Flow Part
DotNest
Search
Background task
Elasticsearch
GraphQL
Extensions
Database
Azure
SQL Server
Event handlers
Azure AI Search feature
OpenAI
AI
Orchard Harvest 2026
Placement
Navigation
Authorization
Translation
ASP.NET Core
Admin Dashboard
Migration
Tag Helpers
Orchard Harvest 2024
Bag Part
Content model
Video
Facebook
Crowdin
Orchard Harvest conference
Click to deploy
Shortcodes
Node.js
Forum favorites
IIS
Multi-node setup
Social
File storage
Advanced
Upgrade
Orchard 1.x
Harvest 2014
Orchard Harvest Seattle
Publishing
MSBuild
Update Content Workflow Task - This week in Orchard (17/04/2020)
NuGet
OpenAPI
GitHub Actions
Admin Dashboard Widgets
Security Scanning
Case study
Authentication
MCP
eInvoicing
Hosting
Agent Skills
API
Harvest Challenge
Microsoft
How-to
Update
Orchard Harvest 2017
Sitemaps
User Picker Field
Audit Trail module UI improvements
Archive Later Feature
Named style and script Tag Helpers
This is Lombiq! - This week in Orchard (09/05/2020)
Pager
Lombiq
SMS
SEO
UI Testing Toolbox
Lucene
Assets Manager
Fluid
Cloud
Survey
Validation
SQL CE
IDependency
Event bus
Projector
NHibernate
LazyField
Dojo
Model binder
JavaScript
Scheduled task
Antispam
C# scripting
Beginners
InfoSet
Orchard 1.8
New Orchard Dojo Trainer
Orchard Beginner
Getting Started with Orchard CMS
Introducing Abhishek Luv
Orchard Dojo Trainer!
Orchard CMS Workshop
Orchard CMS Workshop In Mumbai
Owin
SQL Server 2016
SQL Server Management Studio
SQL Server Management Studio 2016
Troubleshooting
Windows 10
day 1
day 2
Dojo Course 2
Sortable lists
IScopedDistributedCache - This week in Orchard (17/01/2020)
headless recipe
jsonparse Liquid filter - This week in Orchard (24/01/2020)
Taxonomy and contained content items routing
Culture picker on the Setup page
CodeMirror editor for TextField - This week in Orchard (28/03/2020)
Scoped Liquid TemplateContext
Template Azure Blob with Liquid - This week in Orchard (10/01/2020)
Favicon
Breadcrumbs
Exception
Content Picker Menu Item
Kast case study - This week in Orchard (02/05/2020)
Click to deploy improvements
autoroute container routing - This week in Orchard (24/04/2020)
Audit Trail - This week in Orchard (31/07/2020)
Debugging
Swagger
Taxonomy Localization - This week in Orchard (12/06/2020)
Orchard branding
Assign Role permissions - This week in Orchard (28/03/2021)
content
Secrets module
JSON Recipe Deployment Step
Tenant Feature Profiles - This week in Orchard (14/10/2021)
Notifications Feature - This week in Orchard (23/09/2022)
Add title to background tasks and improve the UI
Lombiq Node.js Extensions - This week in Orchard (17/02/2023)
support login via username or email address for OpenID - This week in Orchard (28/07/2023)
Shape Tracing Helpful Extensions
Alt and Class attributes for the Image Shortcode - This week in Orchard (28/08/2020)
Short codes
new content filters - This week in Orchard (22/05/2020)
How to add a culture URL segment for localization in Orchard Core - Orchard Nuggets
Zed Attack Proxy (ZAP)
Orchard Dojo
Alias
ReCaptcha
Menu
Orchard Core Commerce
OAuth
EN 16931
XRechnung
ZUGFeRD
Factur-X
UpCloud
Exoscale
Schema
Schematron
Validator
SaxonJS
OpenID
ASP.NET Aspire
Razor
Copilot
All tags >

How to do a security scan of an Orchard Core app - Orchard Core Nuggets
You don't want malicious people to crack your web apps to use them for spamming, cryptocurrency mining, and spreading malware, nor do you want them to get access to your users' personal data (if you actually do want to cooperate with criminals, you don't need to read further). Thus, you want your app to be secure. One aspect of achieving this is to do penetration testing on your app. Thankfully, much of this can be automated, and with the help of Lombiq UI Testing Toolbox for Orchard Core and Zed Attack Proxy (ZAP) you can conveniently do this for your Orchard Core app. Let's see how! First, install v8.2.1-alpha.6.osoe-351 or greater of the UI Testing Toolbox from NuGet because that's the one that added security scanning. There are a couple of minor breaking changes that should affect nobody, really, in this, so it'll be part of the upcoming v.9.0.0 (but for that, we're waiting for Orchard Core 1.8). Set up UI testing as explained in the UI Testing Toolbox's documentation. While we're focusing on security scanning here, the UI Testing Toolbox can do a lot, and I really mean a lot more, including one-liners to test if the basic Orchard Core features still work in your app, or unleashing automated monkey testing to try to break your app. We never work on an Orchard Core app without its safety net! Add one or more test cases to run ZAP's security scan. Since all the configuration of ZAP is available to you, customization is unlimited, but to give you a glimpse, this is how a basic security scan that's already a good start would look like: [Fact] public Task BasicSecurityScanShouldPass() => ExecuteTestAfterSetupAsync(context => context.RunAndAssertBaselineSecurityScanAsync()); And that's it! OK, I might have omitted the last step here: 4. Fix all the security issues ZAP finds, because it'll definitely find at least a couple of them! This was just a short teaser, but be sure to check out the UI Testing Toolbox's security scanning documentation, because we tried to summarize everything necessary to get you going there, including samples that you can just copy-paste. Do you want to see security scanning in action? Check out the demo video too! Also, security starts with quality code. Check out our Lombiq .NET Analyzers project to get automated checks for your code too, including pointing out potential security issues even before running the app. Did you like this post? It's part of our Orchard Core Nuggets series where we answer common Orchard questions, be it about user-facing features or developer-level issues. Check out the other posts for more such bite-sized Orchard Core tips and let us know if you have another question!