GitHub Advanced Security for Azure DevOps brings the secret scanning, dependency scanning and CodeQL code scanning solutions already available for GitHub users and natively integrates them into Azure DevOps to protect your Azure Repos and Pipelines.
These scanning tools will natively embed automated security checks into the Azure DevOps platform, allowing developers to secure their code, secrets and supply chain without leaving their workflow.
Azure DevOps Advanced Security provides below security features to help organizations identify and address security vulnerabilities in their development processes.
- Secret Scanning push protection: check if code pushes include commits that expose secrets such as credentials
- Secret Scanning repo scanning: scan your repository and look for exposed secrets that were committed accidentally
- Dependency Scanning – search for known vulnerabilities in open source dependencies (direct and transitive)
- Code Scanning – use CodeQL static analysis engine to identify code-level application vulnerabilities such as SQL injection and authentication bypass.
Scope of GitHub Advanced Security for Azure DevOps
- only available for Git repositories
- only available for Azure DevOps services, not available in Azure DevOps Server(old TFS)
Enable GitHub Advanced Security
You can enable Advanced Security at the organization, project, or repository level.
Repository-level onboarding
- Go to your Project settings for your Azure DevOps project.
- Select Repos > Repositories.
- Select the repository you want to enable Advanced Security for.
- Select Enable and Begin billing to activate Advanced Security. A shield icon now appears in the repository view for any repository with Advanced Security enabled.
No comments:
Post a Comment