Starting September 20th, 2023, the core scanning capabilities of GitHub Advanced Security for Azure DevOps can now be self-enabled within Azure DevOps and connect to Microsoft Defender for Cloud. Customers can automate security checks in the developer workflow using:
- Code Scanning: locates vulnerabilities in source code and provides remediation guidance.
- Secret Scanning: identifies high-confidence secrets and blocks developers from pushing secrets into code repositories.
- Dependency Scanning: discovers vulnerabilities with open-source dependencies and automates update alerts for developers.
These features will help developers implement security earlier in the software development lifecycle to find and fix issues before code is deployed to production. What’s more, GitHub Advanced Security for Azure DevOps now connects to Defender for Cloud to unify visibility of security posture for developers and SecOps teams.