Microsoft announces the GitHub Advanced Security for Azure DevOps public preview

As part of Microsoft"s Build 2023 developers conference, the company has announced that it has launched the public preview of GitHub Advanced Security for Azure DevOps. Microsoft first announced that GitHub Advanced Security was coming to Azure DevOps in October 2022, and launched a private preview in November 2022.

In a blog post, Microsoft says:

GitHub Advanced Security for Azure DevOps brings the same industry leading developer security capabilities as GitHub Advanced Security to Azure DevOps, integrated directly into Azure Repos and Azure Pipelines. This includes the same secret scanning, dependency scanning, and CodeQL code scanning capabilities available within GitHub Enterprise.

The secret scanning feature should be a huge help for developers who might be afraid of exposing secret credentials. The blog post says that 50 percent of all security breaches are due to exposed credentials.

Using the feature in GitHub Advanced Security for Azure DevOps can find any previously released secrets, but also block any more of them before they get out. It states:

Depending on how widely the secret is used, this could be days of effort and stress - if you miss rotating the secret in just one of the places it’s used, you could cause a live site outage! On the other hand, if you block the secret exposure at push time, before it’s persisted in Azure Repos, it’s a five-minute job to clean up your commit and repush. So much easier.

The new GitHub service can also find any open-source package vulnerabilities with its Dependency Scanning feature. In addition, it uses the CodeQL static analysis engine to let developers find hundreds of security issues from a variety of code languages.

Billing for GitHub Advanced Security for Azure DevOps is handled via Azure. It will cost $49 per active committer per month. Interested customers can go ahead and sign up for the public preview now at its official website.

In case you want to read more, you can find the rest of the Build 2023 coverage here.

Report a problem with article
Next Article

Microsoft announces the general availablity of Azure Deployment Environments for free

Previous Article

Alongside 2TB SSD, Microsoft Dev Box gets Visual Studio performance boost on Windows