Microsoft announces the general availability of GitHub Advanced Security for Azure DevOps

Reading time icon 1 min. read


Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

GitHub Advanced Security Azure DevOps

Today, Microsoft announced the general availability of GitHub Advanced Security for Azure DevOps. This new feature brings GitHub Advanced Security’s suite of security features including code, secret, and dependency scanning to Azure Repos. Right now, GitHub Advanced Security for Azure DevOps is only available for Azure DevOps service. So, it is not available for Azure DevOps Server.

GitHub Advanced Security for Azure comes with the following features:

  • Secret Scanning push protection: check if code pushes include commits that expose secrets such as credentials
  • Secret Scanning repo scanning: scan your repository and look for exposed secrets that were committed accidentally
  • Dependency Scanning – search for known vulnerabilities in open source dependencies (direct and transitive)
  • Code Scanning – use CodeQL static analysis engine to identify code-level application vulnerabilities such as SQL injection and authentication bypass

Based on the customer feedback, Microsoft has integrated GitHub Advanced Security with Microsoft Defender for Cloud allowing organizations to view all the alerts for all their repos across both Azure DevOps and GitHub in a single pane of glass in Microsoft Defender for Cloud.

 

User forum

0 messages