Microsoft has launched GitHub Advanced Security for Azure DevOps in public preview today. The new service is designed to help developers embed automated security checks into the platform to protect their application code and supply chain.
Microsoft first introduced GitHub Advanced Security in private preview back in November 2022. The service allows customers to address the most common threats (secrets, keys, and passwords) in the software development life cycle. The secret scanning feature helps to block code pushing containing secrets into Azure repositories.
“Exposed credentials are implicated in over 50% of security breaches. GitHub Advanced Security for Azure DevOps can not only help you find secrets that have already been exposed in Azure Repos, but also help you prevent new exposures by blocking any pushes to Azure Repos that contain secrets. All with a single click,” explained Aaron Hallberg, VP of Product Management, GitHub.
Code Scanning
GitHub Advanced Security for Azure DevOps also uses the CodeQL static analysis engine to detect code vulnerabilities, such as authorization bypass and SQL injection attacks. The code scanning feature supports popular programming languages, including Python, C++, C#, Java, Go, and JavaScript/TypeScript.
Dependency Scanning
Lastly, GitHub Advanced Security for Azure DevOps scans the source code to find direct and transitive dependencies for open-source packages. It also provides information to help developers upgrade the packages in order to mitigate security issues within the application code.
GitHub Advanced Security for Azure DevOps pricing details
Overall, Microsoft’s GitHub Advanced Security service should help to bolster Azure DevOps security. The new solution is available for all enterprise customers worldwide, and it costs $49 per active committer per month. However, IT admins will be able to use the Azure DevOps configuration settings to enable/disable security protections for select repositories.