Now Generally Available: GitHub Advanced Security for Azure DevOps is ready for you to use
We’re excited to announce that GitHub Advanced Security for Azure DevOps is now generally available and is ready for you to use in your own Azure DevOps repos! You can now enable code, secret, and dependency scanning within Azure Repos and take advantage of the new product updates.
Learn how to enable Advanced Security in your Azure Repos >
Thanks to your great feedback, we were able to identify issues and deliver updates that address key improvements since our public preview. You wanted:
- Faster onboarding after registering for Advanced Security
- The ability to enable multiple repos simultaneously
- More upfront clarity in billing
- Better visibility into all enabled repo alerts through a single pane of glass
and we delivered.
Instead of registering to get your organization onboarded to Advanced Security, we’ve done away with the registration process entirely. Any Azure DevOps Project Collection Administrator (PCA) can now enable Advanced Security protections for their orgs/projects/repos through the Azure DevOps configuration settings.
Speaking of enablement experiences, we also addressed that you’d really like an easy way to enable all the repos in a given project or org. During public preview, we provided some PowerShell scripts to help automate bulk-enablement as a workaround, but we acknowledged that you wanted the ability to enable Advanced Security on newly created repos by default. To make this process easier for you, you can now choose to enable Advanced Security at the org or project level as well as the individual repo level, and you can also choose for Advanced Security to be automatically enabled for any future repos you and your teams create.
Because Advanced Security is billed per active committer, we also now show the number of new active committers you would be billed for by enabling Advanced Security for a repo/project/org.
I’ve saved our biggest news for last: another virtually universal feature request we get is for a way for you to view all your Advanced Security alerts across all your repos in a single pane of glass. However, we’ve actually done better than that! Advanced Security is now integrating with Microsoft Defender for Cloud (MDC) to enable you to view all the alerts for all your repos across all your orgs – both Azure DevOps and GitHub – all in a single pane of glass in MDC. This all comes in the free tier of MDC, so it’s no extra cost to you, but you do get some awesome code-to-cloud contextualization capabilities in the paid tier, so please do check that out.
Again, whether you’ve ever signed up for an Advanced Security preview or not, all these new features and all the existing features of Advanced Security (such as code scanning, dependency scanning, and secret scanning) are now ready for you to enable in your own Azure DevOps orgs. We’d love to hear any feedback you have for us by using the Developer Community site. For more information, we’re also hosting a webinar demo and Q&A on October 6, and we’d love to see you there to answer any questions you may have in real time!
Learn more about the GitHub Advanced Security for Azure DevOps Webinar >
To learn more about other upcoming Azure DevOps investments in security and beyond, see https://aka.ms/AzureDevOpsRoadmap.
Light
Dark
33 comments
Are there any plans to support other languages like typescript during code scanning. Seems to only be a few supported at the moment according to the documentation.
Hi Gary, we do currently support TypeScript! Here’s the full list of languages:
– C/C++
– C#
– Go
– Java
– Kotlin
– JavaScript
– Python
– Ruby
– Swift
– TypeScript
– and more are on the way that we’re not ready to name quite yet 🙂 If you have requests for CodeQL language/framework support, please let us know at https://developercommunity.visualstudio.com. Thanks!
https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/