If you use build service identities like to call Advanced Security APIs, the Advanced Security permission changes in Sprint 269 broke that. We restricted API access for build identities as a security improvement but failed to provide an early notice for customers that relied upon this for various automations. We're rolling it back temporarily. Th...

Security vulnerabilities don't fix themselves. Someone needs to track them, prioritize them, and actually ship the fix. If you've ever tried to manage security alerts alongside your regular sprint work, though, you know the friction: you're looking at an alert in one tab, switching to your backlog in another, trying to remember which vulnerability ...

Any experiences that require additional setup is cumbersome, especially when there are multiple people needed. In GitHub Advanced Security for Azure DevOps, we're working to make it easier to enable features and scale out enablement across your enterprise. You can now automatically inject the dependency scanning task into any pipeline run targetin...

Following the changes to GitHub Advanced Security on GitHub, we're launching the standalone security products of GitHub Secret Protection and GitHub Code Security for Azure DevOps today. You can bring the protection of Advanced Security to your enterprise with the flexibility to enable the right level of protection for your repositories. GitHub S...