Microsoft & GitHub Announce Application Security Testing Tools for Azure DevOps

GitHub has announced that its application security testing tools are now more widely available for subscribers of Microsoft’s Azure DevOps Services.

What is GitHub Advanced Security for Azure DevOps?
GitHub Advanced Security for Azure DevOps is a suite of tools native to the platform and, like the GitHub Advanced Security offering, encompasses tools for:

* Detecting and preventing secret exposure in users’ application development process (“Secret scanning”)
* Identifying vulnerabilities in open source packages used in Azure Repos (“Dependency scanning”)
* Detecting static code vulnerabilities (“Code scanning”)

Secret scanning
Secret scanning includes both repo scanning and push protection.

“GitHub Advanced Security for Azure DevOps can not only help you find secrets that have already been exposed in Azure Repos, but also help you prevent new exposures by blocking any pushes to Azure Repos that contain secrets,” says Aaron Hallberg, Director of Product for Azure DevOps, Microsoft.

“If you block the secret exposure at push time, before it’s persisted in Azure Repos, it’s a five-minute job to clean up your commit and repush.”

Dependency scanning
The tool identifies the open-source packages used in Azure Repos and the vulnerabilities in them, and advises users on how to upgrade those packages to mitigate vulnerabilities.

The guidance is based on information pulled from the GitHub Advisory Database.

Code scanning
The code scanning tool is powered by CodeQL, a semantic code analysis engine that can detect security vulnerabilities across code written in many different programming languages: C#, C/C++, Python, JavaScript/TypeScript, Java, Kotlin, Go, etc.

Developers can now run CodeQL scans directly from Azure Pipelines on code from Azure Repos and act on the results within the Azure DevOps environment.

“Issues detected in each of these categories are presented in a repository-scoped Advanced Security experience using the Azure DevOps design language,” Hallberg noted.

Availability and price
GitHub Advanced Security for Azure DevOps has been in private preview since November 2022 and is now in public preview (users need to sign up for it).

It costs $49 per active committer per month, and billing is done through Azure.

– Help Net Security
