Developer · Credibility 79/100 · 2 min read

Developer Enablement Briefing — June 20, 2024

GitHub Advanced Security for Azure DevOps reaches general availability, unifying code scanning, secrets detection, and dependency review for enterprise DevSecOps teams.

Executive briefing: Microsoft announced on June 20, 2024 that GitHub Advanced Security for Azure DevOps (GAS for ADO) is generally available, bringing code scanning, secret scanning, and dependency review to Azure Repos customers without requiring migration to GitHub.com.

Key enablement signals

  • First-party integration. GAS for ADO uses the same CodeQL analysis engine and secret scanning detectors as GitHub Advanced Security, with managed infrastructure hosted in Azure.
  • Policy controls. Organisations can now enforce security gate policies (build failure on critical alerts, manual approvals) directly within Azure Pipelines.
  • Unified reporting. Microsoft launched Microsoft Defender for DevOps dashboards aggregating GAS for ADO findings with GitHub and Bitbucket telemetry.

Control alignment

  • OWASP SAMM & ISO/IEC 27034. Map GAS for ADO rollout to secure build, verification, and deployment practices, documenting code scanning coverage per product line.
  • NIST SP 800-218 (SSDF). Use dependency review data to enforce provenance policies and upstream vulnerability remediation SLAs.

Detection and response priorities

  • Integrate GAS alerts into SIEM/SOAR pipelines and tune notifications to reduce noise during the initial migration from third-party scanners.
  • Validate that the service accounts running pipelines hold only the least-privilege scopes required for CodeQL and secret scanning uploads.

Enablement moves

  • Develop migration guides for teams moving from standalone scanners to GAS for ADO, including repository onboarding scripts and policy templates.
  • Extend secure coding training to cover CodeQL query triage and GitHub’s developer remediation guidance.

Sources

Zeph Tech equips platform engineers with enterprise rollout plans for GitHub Advanced Security controls inside Azure DevOps environments.
