Interested in learning more? Sign up for the preview, and we’ll do our best to get your Azure DevOps organization(s) enabled as soon as possible!
Announcing the public preview of GitHub Advanced Security for Azure DevOps
GitHub Advanced Security for Azure DevOps is now available for public preview, making GitHub’s same application security testing tools natively available on Azure Repos.
Web applications are foundational to nearly every aspect of everyday life, whether they are used for shopping and remote work, or to provide life-saving services in hospitals and power critical infrastructure. However, the proliferation of web applications doesn’t come without risk. Applications continue to be a top attack vector, and are at the center of more than 40% of all data breaches.
At GitHub, we want to make it as easy as possible to not only build innovative software, but build it securely. GitHub Advanced Security’s (GHAS) application security testing tools were built to provide a frictionless, native experience for developers, to help drive innovation forward. This native approach is critical, as oftentimes security findings take six months or more to fix. With GHAS’ real-time vulnerability detection, developers can fix issues in minutes, not months. For instance, the fix rate of vulnerabilities identified by CodeQL during a pull request is 72% compared to the industry norm fix rate of 15%, seven days after a vulnerability has been detected. This is just one of the reasons GHAS users fixed 24 million vulnerable packages in 2022.
Today, GHAS will be publicly available on Azure DevOps. GHAS has been a game-changer for many development teams, providing critical application security testing capabilities, such as secret scanning, dependency scanning (SCA), and code scanning (SAST) natively in the developer workflow. With these features natively embedded in Azure DevOps, teams can leverage the power of GHAS without leaving their familiar Azure DevOps environment.
Secret scanning: stop secret leaks
Secret scanning detects and prevents secret exposure in your application development process. Stolen credentials are present in nearly 50% of security incidents, highlighting the need for organizations to secure their secrets. GHAS for Azure DevOps provides out-of-the-box secret scanning, with no additional tooling required. You can easily enable it on all your repositories to instantly detect exposed secrets. In 2022 alone, GitHub detected over 1.7 million exposed secrets.
Dependency scanning: secure your software supply chain
Dependency scanning is another key feature that can help identify vulnerabilities in open source packages used in Azure Repos. With the rise of open source supply chain attacks, and the presence of vulnerabilities like Log4Shell, developers need to take extra precautions to ensure their code is secure. GHAS for Azure DevOps identifies the open source packages used in Azure Repos and provides guidance on how to upgrade those packages to mitigate vulnerabilities.
Code scanning: prevent and fix vulnerabilities in your code
Code scanning is a critical component of any robust application security strategy, and GHAS’ CodeQL static analysis engine has quickly become an industry leader in detecting static code vulnerabilities. With the integration of CodeQL scans directly into Azure Pipelines, developers can now detect hundreds of code security vulnerabilities across a wide range of languages, including C#, C/C++, Python, JavaScript/TypeScript, Java, Go, and more.