Showing results for Security - Azure DevOps Blog

Exciting things are in store for Azure DevOps in the coming year! We’re planning deep investments in security as well as broad investment across the product. Read on for more information, and then be sure to check out our updated roadmap at https://aka.ms/AzureDevOpsRoadmap. Deep investments in security First, we are super excited about bringing ...

We have gotten a lot of feedback on this change and after internal deliberation, we are now rolling back this change ASAP. Final Update as of 5/19/22 @ 10:08 AM PST: Again, I am deeply sorry for the inconvenience and disruption this has caused. We remain deeply committed to making sure our customers have a first-class experience using Azure ...

Multiple on-prem customers have reported that after upgrading Git LFS to version 3.0 (or higher), they are no longer able to authenticate against Azure DevOps Server. This is because Git LFS has dropped support for NTLM authentication in version 3.0 (Changelog from 24th September 2021). While it is possible to roll back Git LFS to the last 2.x ver...

Welcome back! I am April Edwards and every week I try to bring you the latest updates from around the DevOps on Azure community. If you have a post you’d like to have me include, I am always listening. You can reach out on Twitter or LinkedIn and I will be sure to share your latest post with the community. Also, be sure to tag your posts with #Azur...

This week we’ll investigate the use cases for implementing the first cloud-native Security and Event Management service (SIEM) Microsoft Sentinel.

For Azure DevOps, our analysis pointed towards the Search service not being vulnerable. Even so, we are following the guidance and upgrading to the latest Log4j version and reviewing our network security group rules for the Search service as part of a defense in depth strategy. We will continue posting updates to this blog post as we learn mor

Azure DevOps was recently informed by GitKraken's development team, Axosoft, of a security vulnerability in GitKarken's key generation algorithm. This vulnerability led to the generation of insecure SSH keys. We identified customers affected by this vulnerability and revoked their SSH keys. Check out the blog post for more details.

As developers progress along the software delivery lifecycle there's a need to ensure that security scans can be automated. By implementing products like WhiteSource you can automatically detect, prioritize, and remediate your open source security vulnerabilities.

Secretless application development strives to solve some important problems, like preventing your credentials from being leaked. If you are seeing connection strings, usernames or passwords in log files, you're adding to your risk profile.

This week my guest was Senior Cloud Advocate Thomas Maurer . We dove into the world of hybrid cloud ! Not every application is born in the cloud, but they can certainly interact with it. A hybrid cloud is a type of cloud computing that combines on-premises infrastructure—or a private cloud—with a public cloud.