
Announcing the public preview of GitHub Advanced Security for Azure DevOps


Web applications are foundational to nearly every aspect of everyday life, whether they are used for shopping and remote work, or to provide life-saving services in hospitals and power critical infrastructure. However, the proliferation of web applications doesn’t come without risk. Applications continue to be a top attack vector, and are at the center of more than 40% of all data breaches.

At GitHub, we want to make it as easy as possible not only to build innovative software, but to build it securely. GitHub Advanced Security’s (GHAS) application security testing tools were built to give developers a frictionless, native experience that keeps innovation moving. This native approach matters because security findings often take six months or more to fix. With GHAS’ real-time vulnerability detection, developers can fix issues in minutes rather than months. For instance, the fix rate for vulnerabilities that CodeQL identifies during a pull request is 72%, compared with an industry norm of 15% seven days after a vulnerability has been detected. This is one reason GHAS users fixed 24 million vulnerable packages in 2022.

Today, GHAS enters public preview on Azure DevOps. GHAS has been a game-changer for many development teams, providing critical application security testing capabilities, such as secret scanning, dependency scanning (SCA), and code scanning (SAST), natively in the developer workflow. With these features embedded in Azure DevOps, teams can use the full power of GHAS without leaving their familiar Azure DevOps environment.

Secret scanning: stop secret leaks

Secret scanning detects and prevents secret exposure in your application development process. Stolen credentials are present in nearly 50% of security incidents, which highlights the need for organizations to protect their secrets. GHAS for Azure DevOps provides out-of-the-box secret scanning with no additional tooling required. You can enable it on any or all of your repositories to detect exposed secrets immediately. In 2022 alone, GitHub detected over 1.7 million exposed secrets.

Dependency scanning: secure your software supply chain

Dependency scanning is another key feature that helps identify vulnerabilities in the open source packages used in Azure Repos. With the rise of open source supply chain attacks and the impact of vulnerabilities like Log4Shell, developers need to take extra precautions to ensure their code is secure. GHAS for Azure DevOps identifies the open source packages used in Azure Repos and recommends the package upgrades that remediate known vulnerabilities.

Code scanning: prevent and fix vulnerabilities in your code

Code scanning is a critical component of any robust application security strategy, and GHAS’ CodeQL static analysis engine has quickly become an industry leader in finding vulnerabilities through static analysis. With CodeQL scans integrated directly into Azure Pipelines, developers can now detect hundreds of classes of code security vulnerabilities across a wide range of languages, including C#, C/C++, Python, JavaScript/TypeScript, Java, Go, and more.
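As an added example that is not part of the original announcement, the following Azure Pipelines definition wires the dependency scanning and CodeQL code scanning features from the two sections above into a single pipeline. The task names and their inputs follow Microsoft's GHAS for Azure DevOps documentation as the editor recalls it and should be checked against the current docs; the trigger branch, agent image, and the choice of C# as the scanned language are assumptions for illustration.

```yaml
# azure-pipelines.yml (added example; assumes the task names below
# match the GHAS for Azure DevOps tasks documented by Microsoft)
trigger:
  - main                       # assumed default branch

pool:
  vmImage: ubuntu-latest       # assumed hosted agent image

steps:
  # 1. Initialise the CodeQL engine for the language(s) in this repo.
  #    Multiple languages are comma-separated, e.g. "csharp,javascript".
  - task: AdvancedSecurity-Codeql-Init@1
    inputs:
      languages: "csharp"      # assumed; pick the languages present in the repo

  # 2. Build the code so CodeQL can trace compilation.
  #    Autobuild works for common project layouts; replace it with your own
  #    build tasks (e.g. DotNetCoreCLI@2) if the repo needs a custom build.
  - task: AdvancedSecurity-Codeql-Autobuild@1

  # 3. Dependency scanning: inventories the open source packages restored
  #    during the build and reports known-vulnerable versions with upgrade advice.
  - task: AdvancedSecurity-Dependency-Scanning@1

  # 4. Run the CodeQL queries over the database built in steps 1-2 and
  #    publish the findings to the repository's Advanced Security tab.
  - task: AdvancedSecurity-Codeql-Analyze@1
```

Secret scanning is not a pipeline step: as the section above notes, it is switched on per repository with no additional tooling, and it runs against pushed commits independently of any build.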

Interested in learning more? Request a demo.
