Interested in learning more? Sign up for the preview, and we’ll do our best to get your Azure DevOps organization(s) enabled as soon as possible!.
Announcing the public preview of GitHub Advanced Security for Azure DevOps
GitHub Advanced Security for Azure DevOps is now available for public preview, making GitHub’s same application security testing tools natively available on Azure Repos.
Web applications are foundational to nearly every aspect of everyday life, whether they are used for shopping and remote work, or to provide life-saving services in hospitals and power critical infrastructure. However, the proliferation of web applications doesn’t come without risk. Applications continue to be a top attack vector, and are at the center of more than 40% of all data breaches.
At GitHub, we want to make it as easy as possible to not only build innovative software, but build it securely. GitHub Advanced Security’s (GHAS) application security testing tools were built to provide a frictionless, native experience for developers, to help drive innovation forward. This native approach is critical, as oftentimes security findings take six months or more to fix. With GHAS’ real time vulnerability detection, developers can fix issues in minutes, not months. For instance, the fix rate of vulnerabilities identified by CodeQL during a pull request is 72% compared to the industry norm fix rate of 15%, seven days after a vulnerability has been detected. This is just one of the reasons GHAS users fixed 24 million vulnerable packages in 2022.
Today, GHAS will be publicly available on Azure DevOps. GHAS has been a game-changer for many development teams, providing critical application security testing capabilities, such as secret scanning, dependency scanning (SCA), and code scanning (SAST) natively in the developer workflow. With these features natively embedded in Azure DevOps, teams can leverage the power of GHAS without leaving their familiar Azure DevOps environment.
Secret scanning: stop secret leaks
Secret scanning detects and prevents secret exposure in your application development process. Stolen credentials are present in nearly 50% of security incidents, highlighting the need for organizations to secure their secrets. GHAS for Azure DevOps provides out-of-the-box secret scanning, with no additional tooling required. You can easily enable it on all your repositories to instantly detect exposed secrets. In 2022 alone, GitHub detected over 1.7 million exposed secrets.
Dependency scanning: secure your software supply chain
Dependency scanning is another key feature that can help identify vulnerabilities in open source packages used in Azure Repos. With the rise of open source supply chain attacks, and the presence of vulnerabilities like Log4Shell, developers need to take extra precautions to ensure their code is secure. GHAS for Azure DevOps identifies the open source packages used in Azure Repos and provides guidance on how to upgrade those packages to mitigate vulnerabilities.
Code scanning: prevent and fix vulnerabilities in your code
Code scanning is a critical component of any robust application security strategy, and GHAS’ CodeQL static analysis engine has quickly become an industry leader in detecting static code vulnerabilities. With the integration of CodeQL scans directly into Azure Pipelines, developers can now detect hundreds of code security vulnerabilities across a wide range of languages, including C#, C/C++, Python, JavaScript/TypeScript, Java, Go, and more.
Tags:
Written by
Related posts
GitHub Availability Report: November 2024
In November, we experienced one incident that resulted in degraded performance across GitHub services.
The top 10 gifts for the developer in your life
Whether you’re hunting for the perfect gift for your significant other, the colleague you drew in the office gift exchange, or maybe (just maybe) even for yourself, we’ve got you covered with our top 10 gifts that any developer would love.
Congratulations to the winners of the 2024 Gaady Awards
The Gaady Awards are like the Emmy Awards for the field of digital accessibility. And, just like the Emmys, the Gaadys are a reason to celebrate! On November 21, GitHub was honored to roll out the red carpet for the accessibility community at our San Francisco headquarters.