GitHub Advanced Security for Azure DevOps

My newest LinkedInLearning Course is available now! This course is all about GitHub Advanced Security for Azure DevOps. It’s a great way to learn how to use the GitHub Advanced Security features in your Azure DevOps pipelines, with practical examples. There is even an example repository that you can use to follow along with the course. You can find the course on LinkedIn Learning: GitHub Advanced Security for Azure DevOps.

If you want to read more about GitHub Advanced Security for Azure DevOps you can read my post here. That’ll show you what this new functionality in Azure DevOps is all about.

Course overview

In the course I’ll take you through the three main pillars of Advanced Security for Azure DevOps, that can be used separately and help you shift your security practices left, as is a recommend practice in DevSecOps.

The three pillars of Advanced Security are:

• Dependency scanning: know what dependencies you are using, and if they have any known vulnerabilities in the versions you use.
• Secret scanning: make sure you don’t accidentally commit secrets to your repository, and if you do, get notified so you can revoke the secret.
• Code scanning: scan your code for known vulnerabilities, and get notified if you do.

These features can help you shift your security practices left, and thus help you find and fix security issues earlier in the development process. This can help you greatly reduce the cost of fixing security issues.

Next to explaining how to use the features Advanced Security has, I also show examples of how to get an overview of your progress and alerts in either Defender for Cloud in Azure, or by using my GHAZDo Extension in Azure DevOps.

Keep on learning!