Showing results for Security - Azure DevOps Blog

Nov 6, 2019
1
0

Secure software supply chain with Azure Pipelines artifact policies

Vishal Jain
Vishal Jain

New preview capabilities for Azure Pipelines let you define artifact policies that are enforced before deploying to critical environments such as production. You will be able to define custom policies that are evaluated against all the deployable artifacts in a given pipeline run and block the deployment if the artifacts don't comply.

CI/CDAzure & CloudSecurity
Jun 26, 2019
14
0

Auditing for Azure DevOps is now in Public Preview

Octavio Licea Leon
Octavio Licea Leon

Auditing for Azure DevOps is now available for all organizations as a Public Preview! A new way to monitor activities and changes throughout Azure DevOps organizations.

SecurityAzure & CloudAdmin & Licensing
May 31, 2019
16
0

New IP firewall rules for Azure DevOps Services

Whitney Jenkins
Whitney Jenkins

Azure DevOps is currently investing in enhancing its routing structure. As a result of this enhancement, our IP address space will be changing. If you're currently using firewall rules to allow traffic to Azure DevOps, please be sure to update these rules to account for our new IP ranges.

Security
Sep 27, 2018
0
0

Using AzureAD identities in Azure DevOps organizations backed by Microsoft Accounts

Justin Marks
Justin Marks

Azure DevOps now supports AzureAD (AAD) users accessing organizations that are backed by Microsoft accounts (MSA). For administrators, this means that if your organization uses MSAs for corporate users, new employees can use their AAD credentials for access instead of creating a new MSA identity.

DevOpsSecurityAdmin & Licensing
Aug 21, 2018
0
0

A Microsoft DevSecOps Static Application Security Testing (SAST) Exercise

Michael C. Fanning
Michael C. Fanning

Static Application Security Testing (SAST) is a critical DevSecOps practice. As engineering organizations accelerate continuous delivery to impressive levels, it’s important to ensure that continuous security validation keeps up. To do so most effectively requires a multi-dimensional application of static analysis tools. The more customizable the tool, the better you can shape it to your actual security risk.

DevOpsSecurity
Aug 8, 2018
0
0

Revoking potentially impacted tokens from ESLint vulnerability

Justin Marks
Justin Marks

On the 24th of July 2018, we notified some customers via e-mail and on this blog about a planned action that we would start taking in relation to the malicious ESLint NPM package incident. This action is now underway.

DevOpsSecurityAdmin & Licensing
Jul 24, 2018
0
0

Enabling administrators to revoke VSTS access tokens

Justin Marks
Justin Marks

As promised in the Protecting our users from the ESLint NPM package breach blog post last week, we have deployed new REST APIs to allow administrators of Visual Studio Team Services (VSTS) accounts to centrally revoke Personal Access Tokens (PAT) and JSON Web Tokens (JWT) created by users in their accounts. We've reviewed our system telemetry ...

DevOpsSecurityAdmin & Licensing
Jul 18, 2018
0
0

Protecting our users from the ESLint NPM package breach

Rajesh Ramamurthy (MSFT)
Rajesh Ramamurthy (MSFT)

On the 12th of July 2018, malicious code was detected in two popular open-source NPM packages, eslint-scope (version 3.7.2) and eslint-config-eslint (version 5.0.2). As a result, developers who downloaded and installed these packages may have had credentials stored in their .npmrc file compromised. This may include credentials required to access...

DevOpsSecurity
Jul 5, 2018
1
0

If I am a VSTS Stakeholder, can I also be an Admin?

Paris Morgan
Paris Morgan

Today, we’re excited to announce that users with the Stakeholder access level can now be administrators in Visual Studio Team Services (VSTS). With these upcoming changes, Stakeholders can administer access levels, permissions, and settings – if they have been granted permissions to do so. Previously, they were only able to invite users and ...

DevOpsSecurityAdmin & Licensing