Security News > 2023 > May > Microsoft, GitHub announce application security testing tools for Azure DevOps
GitHub has announced that its application security testing tools are now more widely available for subscribers of Microsoft's Azure DevOps Services.
"GitHub Advanced Security for Azure DevOps can not only help you find secrets that have already been exposed in Azure Repos, but also help you prevent new exposures by blocking any pushes to Azure Repos that contain secrets," says Aaron Hallberg, Director of Product for Azure DevOps, Microsoft.
The tool identifies the open-source packages used in Azure Repos and the vulnerabilities in them, and advises users on how to upgrade those packages to mitigate vulnerabilities.
Developers can now run CodeQL scans directly from Azure Pipelines on code from Azure Repos and act on the results within the Azure DevOps environment.
"Issues detected in each of these categories are presented in a repository-scoped Advanced Security experience using the Azure DevOps design language," Hallberg noted.
GitHub Advanced Security for Azure DevOps has been in private preview since November 2022 and is now in public preview.
News URL
https://www.helpnetsecurity.com/2023/05/24/application-security-testing-devops/
Related news
- Microsoft Copilot for Security prepares for April liftoff (source)
- Microsoft’s Security Copilot Enters General Availability (source)
- GitHub Launches AI-Powered Autofix Tool to Assist Devs in Patching Security Flaws (source)
- Microsoft confirms memory leak in March Windows Server security update (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Microsoft fixes Outlook security alerts bug caused by December updates (source)
- Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs (source)
- Microsoft squashes SmartScreen security bypass bug exploited in the wild (source)
- AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs (source)