This site uses cookies for analytics, personalized content. By continuing to browse this site, you agree to this use. Learn More
DevOps, Git, and Agile updates from the team building Azure DevOps
June 26, 2019Jun 26, 201906/26/19Auditing for Azure DevOps is now available for all organizations as a Public Preview! A new way to monitor activities and changes throughout Azure DevOps organizations.
May 31, 2019May 31, 201905/31/19Azure DevOps is currently investing in enhancing its routing structure. As a result of this enhancement, our IP address space will be changing. If you're currently using firewall rules to allow traffic to Azure DevOps, please be sure to update these rules to account for our new IP ranges.
September 27, 2018Sep 27, 201809/27/18Azure DevOps now supports AzureAD (AAD) users accessing organizations that are backed by Microsoft accounts (MSA). For administrators, this means that if your organization uses MSAs for corporate users, new employees can use their AAD credentials for access instead of creating a new MSA identity.
September 13, 2018Sep 13, 201809/13/18Basic authorization is now enabled on the communication between the TFS and Search services to make it more secure.
August 21, 2018Aug 21, 201808/21/18Static Application Security Testing (SAST) is a critical DevSecOps practice. As engineering organizations accelerate continuous delivery to impressive levels, it’s important to ensure that continuous security validation keeps up. To do so most effectively requires a multi-dimensional application of static analysis tools. The more customizable the tool, the better you can shape it to your actual security risk.
August 8, 2018Aug 8, 201808/8/18On the 24th of July 2018, we notified some customers via e-mail and on this blog about a planned action that we would start taking in relation to the malicious ESLint NPM package incident. This action is now underway.
July 24, 2018Jul 24, 201807/24/18As promised in the Protecting our users from the ESLint NPM package breach blog post last week, we have deployed new REST APIs to allow administrators of Visual Studio Team Services (VSTS) accounts to centrally revoke Personal Access Tokens (PAT) and JSON Web Tokens (JWT) created by users in their accounts.
July 18, 2018Jul 18, 201807/18/18On the 12th of July 2018, malicious code was detected in two popular open-source NPM packages, eslint-scope (version 3.7.2) and eslint-config-eslint (version 5.0.2). As a result, developers who downloaded and installed these packages may have had credentials stored in their .npmrc file compromised.
July 5, 2018Jul 5, 201807/5/18Today, we’re excited to announce that users with the Stakeholder access level can now be administrators in Visual Studio Team Services (VSTS). With these upcoming changes, Stakeholders can administer access levels, permissions, and settings – if they have been granted permissions to do so.
May 29, 2018May 29, 201805/29/18The Git community has disclosed an industry-wide security vulnerability in Git that can lead to arbitrary code execution when a user operates in a malicious repository. This vulnerability has been assigned CVE 2018-11235 by Mitre, the organization that assigns unique numbers to track security vulnerabilities in software.
