In a critical development for the developer community, GitHub Advanced Security for Azure DevOps is now generally available. Aimed at enhancing code, secret, and dependency scanning within Azure Repos, the new features offer an all-in-one security solution for your development projects. Bryan Sullivan, Principal PM Manager at GitHub, made this announcement on September 20th, 2023, emphasizing the feature updates since the public preview based on user feedback.
Key Features and Improvements
Simplified Onboarding
Gone are the days of cumbersome registration for enabling Advanced Security. Any Azure DevOps Project Collection Administrator (PCA) can directly enable these protections for their projects and repositories via Azure DevOps configuration settings.
Bulk Enablement and Default Settings
During its public preview, GitHub offered PowerShell scripts for bulk-enablement as a temporary fix. Now, you can effortlessly enable Advanced Security at the organization or project level, and even choose to have it automatically enabled for newly created repositories.
Transparent Billing
With billing calculated per active committer, GitHub now offers visibility into the number of new active committers that you would incur charges for when enabling Advanced Security.
Unified Security Alerts Dashboard
Perhaps the most requested feature, GitHub Advanced Security is now integrated with Microsoft Defender for Cloud (MDC). This allows users to view all security alerts across all their repositories and organizations in a single pane. The integration comes at no extra cost in the free tier of MDC, with more advanced features in the paid tier.
Additional Highlights
- Secret Scanning: Detect credentials and prevent accidental pushing of new secrets.
- Dependency Scanning: Identify known vulnerabilities in open-source packages and receive guidance on fixes.
- Code Scanning with CodeQL: Static analysis engine to identify deep application security vulnerabilities.
Future Roadmap
The general availability of GitHub Advanced Security is part of a broader Azure DevOps Roadmap aimed at investments in security and beyond. Upcoming features include granular scopes for Azure Active Directory OAuth, support for more secure authentication alternatives, and deeper Azure Active Directory integration.
Engage with the Community
GitHub is hosting a webinar demo and Q&A session on October 6th to provide more details and answer real-time queries. For those interested in shaping future developments, suggestions can be submitted through the Developer Community site.
Final Thoughts
The general availability of GitHub Advanced Security for Azure DevOps marks a significant stride in securing development environments. It not only addresses the immediate needs of the developer community but also sets the stage for more advanced, integrated security features. As development ecosystems evolve, the symbiosis between GitHub and Azure DevOps emerges as a formidable safeguard in the realm of code security.
