At Microsoft Build, the company announced that GitHub Advanced Security for Azure DevOps has been made accessible to everyone, and is in public preview. GitHub Advanced Security for Azure DevOps brings the same industry-leading developer security capabilities as GitHub Advanced Security to Azure DevOps, integrated directly into Azure Repos and Azure Pipelines. This includes secret scanning, dependency scanning, and CodeQL code scanning capabilities available within GitHub Enterprise, which is a commercial version of GitHub that is designed for enterprise-scale software development and collaboration.
Microsoft said that GitHub Advanced Security for Azure DevOps has the same pricing as GitHub Advanced Security, i.e. $49 per active user per month.
GitHub Advanced Security for Azure DevOps helps users find and prevent the exposure of sensitive information (secrets) in Azure Repos. It detects whether any secrets have already been exposed and blocks any attempts to push code containing secrets, helping enterprises reduce the risk of security breaches.
Dependency scanning identifies vulnerabilities in the open-source packages used in code. It checks both direct dependencies and the dependencies used by those dependencies. Moreover, it provides guidance on how to upgrade your packages to address these vulnerabilities.
GitHub Advanced Security includes a powerful analysis engine, CodeQL. It scans your code for security vulnerabilities across various programming languages and can detect issues like SQL injection and authorisation bypass. For instance, you can run CodeQL scans directly from Azure Pipelines on code in Azure Repos and take action on the results.
Legal Trouble Mounts
This new announcement comes against a backdrop of scepticism in the enterprise and IT landscape, particularly about the use of platforms powered by foundational models developed by OpenAI and Microsoft, the likes of GPT-4 and Codex (GitHub), which have been trained on public-domain data and code to deliver the desired outcomes.
A few days back, Twitter accused Microsoft of using its data without due permission. It has also accused the tech company of sharing Twitter’s data with the US government. This could invite a ‘lawsuit’ from Twitter, as hinted by Elon Musk.
Also, in November last year, a class action lawsuit was filed against Microsoft, OpenAI, and GitHub for scraping licensed code to build the AI-powered Copilot. This has been one of the biggest roadblocks for the company, and it is now desperately looking to escape, asking the court to dismiss a proposed class complaint.
With the latest announcement, Microsoft is looking to remove all the stigma associated with it and give enterprise customers complete control over their security and beyond.