As part of the Build 2023 developer conference, Microsoft announced the release of a public preview of GitHub Advanced Security for Azure DevOps.
In a blog post, Microsoft stated:
"GitHub Advanced Security for Azure DevOps brings the same developer security features to Azure DevOps as GitHub Advanced Security, integrated directly into Azure Repos and Azure Pipelines This includes the same secret scanning, dependency scanning, and CodeQL code scanning capabilities available in GitHub Enterprise."Confidential scanning is helpful for developers who are afraid of exposing confidential credentials – “50% of all security breaches are due to credential exposure.
Using the features in GitHub Advanced Security for Azure DevOps can find any previously released secrets and also stop them before they are compromised.
"Depending on how widely the secrets are used, this can take days of effort and stress - if you miss rotating secrets in only one of the places where they are used, it can lead to a live site outage. On the other hand, if you stop the confidential from being exposed when you push, it's easier to clean up your commit and re-push it before it persists in Azure Repos."The new GitHub service can also discover any open-source package vulnerabilities with the Dependency Scan feature. In addition, it uses the CodeQL static analysis engine to let developers find hundreds of security issues from a variety of code languages.
GitHub Advanced Security for Azure DevOps billing is handled through Azure and costs $49 per month per active committer (currently about RMB 346), see more at this link.
