Github Blog

Announcing the public preview of GitHub Advanced Security for Azure DevOps


Introduction

GitHub Advanced Security (GHAS) for Azure DevOps is now available for public preview. GHAS brings three security testing capabilities, secret scanning, dependency scanning, and code scanning, natively into the Azure DevOps developer workflow, so that findings surface where code is written and reviewed rather than in a separate tool after the fact.

Native Approach

The native approach matters because security findings that are raised outside the developer workflow often go unfixed for a long time. Seven days after detection, 72% of vulnerabilities that GHAS surfaces during a pull request have been fixed, compared with an industry norm of 15%. GHAS users fixed 24 million vulnerable packages in 2022, making it a game-changer for many development teams.

Secret Scanning

GHAS for Azure DevOps provides out-of-the-box secret scanning with no additional tooling required. Once a repository enables the feature, committed credentials such as API keys and tokens are detected and reported. A secret that has been pushed should be treated as compromised and rotated; removing it from the latest commit does not remove it from the repository history. GitHub detected over 1.7 million exposed secrets in 2022 alone.

Dependency Scanning

Dependency scanning is another key feature: it identifies vulnerabilities in the open source packages used in Azure Repos. With the rise of open source supply chain attacks and vulnerabilities like Log4Shell, developers need to take extra care that the code they pull in is as secure as the code they write. GHAS for Azure DevOps inventories the open source packages a repository depends on, flags those with known vulnerabilities, and recommends the upgrade that resolves each finding.

Code Scanning

CodeQL, the static analysis engine behind GHAS, detects vulnerabilities in source code before the code is merged, making code scanning a critical component of a robust application security strategy.
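As an added example that is not part of the original announcement, the Azure Pipelines snippet below shows how dependency scanning and CodeQL code scanning are wired into a build. The task names, the `languages` value and the trigger branches are assumptions about the GHAS for Azure DevOps pipeline tasks and should be checked against the task reference for your organization; secret scanning is enabled per repository and needs no pipeline step.

```yaml
# Added example, not the page's own content. Task names and inputs are
# assumed from the GHAS for Azure DevOps pipeline tasks; verify them
# against the task reference before relying on this pipeline.
trigger:
  - main        # assumption: default branch name

pr:
  - main        # run on pull requests so findings appear at review time

pool:
  vmImage: ubuntu-latest

steps:
  # Create the CodeQL database for the languages in this repository.
  - task: AdvancedSecurity-Codeql-Init@1
    inputs:
      languages: javascript   # assumption: comma-separated list for multi-language repos

  # Build the project so CodeQL can observe compiled languages;
  # for interpreted languages this step has nothing to build.
  - task: AdvancedSecurity-Codeql-Autobuild@1

  # Inventory package manifests and lock files and flag vulnerable
  # open source packages, with the upgrade that resolves each finding.
  - task: AdvancedSecurity-Dependency-Scanning@1

  # Run the CodeQL queries and publish results to the Advanced Security tab.
  - task: AdvancedSecurity-Codeql-Analyze@1
```

Including the `pr` trigger is what makes findings appear during the pull request rather than only after merge, which is the point of the native approach described above.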

Conclusion

GitHub Advanced Security offers a comprehensive security solution for development teams. With secret scanning, dependency scanning, and code scanning natively embedded in Azure DevOps, teams can find and fix exposed credentials, vulnerable dependencies, and code-level vulnerabilities as part of their normal development workflow.