Microsoft announces general availability of GitHub Advanced Security for Azure DevOps

Microsoft announced the official release of GitHub Advanced Security for Azure DevOps. This new feature brings the suite of security features of GitHub Advanced Security, including code, secrets, and dependency scanning, to Azure repositories. Currently, GitHub Advanced Security for Azure DevOps is only available for Azure DevOps services. Therefore, it does not work with Azure DevOps Server.

GitHub Advanced Security for Azure has the following features:

• Confidential Scanning Push Protection: Check code pushes for commits that contain public secrets (such as credentials)
• Confidential Scanning Repository Scan: Scans repositories and looks for unexpectedly committed public secrets
• Dependency Scan – Searches for known vulnerabilities in open source dependencies (direct and transitive)
• Code Scan – Uses CodeQL static Analysis engine identifies code-level application vulnerabilities such as SQL injection and authentication bypass

Based on customer feedback, Microsoft has integrated GitHub Advanced Security with Microsoft Defender for Cloud, allowing organizations to View all alerts for all repositories on Azure DevOps and GitHub in a single management platform for Microsoft.

The above is the detailed content of Microsoft announces general availability of GitHub Advanced Security for Azure DevOps. For more information, please follow other related articles on the PHP Chinese website!