Azure DevOps is constantly coming out with new features to help improve your productivity, security, and quality. In this blog post, we will highlight some of these new features that were released in Q3 2023.

GitHub Advanced Security for Azure DevOps

One of the major initiatives in Q3 was the general availability of GitHub Advanced Security (GHAS) for Azure DevOps. This feature allows you to leverage the power of GitHub’s code scanning and secret scanning capabilities within your Azure DevOps repositories. You can also use third-party security analysis tools that generate results in SARIF format and display them in the Advanced Security Code Scanning alerts hub. Additionally, you can use custom CodeQL queries to find and fix vulnerabilities in your code. In short, GHAS helps you secure your code and protect your assets from malicious actors. Any project collection administrator can now enable Advanced Security for their organization, projects, and repos from the Project Settings or Organization Settings.
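As an added illustration (not code from the original post or from Azure DevOps), the following script parses a SARIF log of the kind a third-party scanner would produce for the Advanced Security alerts hub, applies the SARIF default-level fallback, and lists the findings that should block a pipeline stage. The SARIF document, the rule IDs and the severity threshold are constructed for this example.

```python
import json
from collections import Counter

# Constructed SARIF 2.1.0 log standing in for a third-party scanner's output.
# The second result omits "level" and the third omits "locations" on purpose.
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example-scanner", "rules": [
        {"id": "PATH-INJ", "defaultConfiguration": {"level": "error"}},
        {"id": "WEAK-HASH", "defaultConfiguration": {"level": "warning"}}]}},
    "results": [
        {"ruleId": "PATH-INJ", "level": "error",
         "message": {"text": "User input flows into a file path"},
         "locations": [{"physicalLocation": {
             "artifactLocation": {"uri": "src/files.py"},
             "region": {"startLine": 42}}}]},
        {"ruleId": "WEAK-HASH",
         "message": {"text": "MD5 used for password hashing"},
         "locations": [{"physicalLocation": {
             "artifactLocation": {"uri": "src/auth.py"},
             "region": {"startLine": 7}}}]},
        {"ruleId": "PATH-INJ", "level": "note",
         "message": {"text": "Path is sanitized; informational only"}}]}]})

SEVERITY = {"error": 3, "warning": 2, "note": 1, "none": 0}


def summarize_sarif(text):
    """Return the findings in a SARIF log plus a per-level count."""
    doc = json.loads(text)
    findings = []
    for run in doc.get("runs", []):
        rules = {r["id"]: r for r in run["tool"]["driver"].get("rules", [])}
        for res in run.get("results", []):
            rule = rules.get(res.get("ruleId"), {})
            # Per SARIF, a missing level falls back to the rule's default, then "warning".
            level = res.get("level") or rule.get("defaultConfiguration", {}).get("level", "warning")
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            findings.append({"rule": res.get("ruleId"), "level": level,
                             "file": loc.get("artifactLocation", {}).get("uri"),
                             "line": loc.get("region", {}).get("startLine"),
                             "message": res.get("message", {}).get("text", "")})
    return {"findings": findings, "by_level": Counter(f["level"] for f in findings)}


def blocking_findings(summary, threshold="error"):
    """Findings at or above the threshold level, e.g. to fail a pipeline stage."""
    floor = SEVERITY[threshold]
    return [f for f in summary["findings"] if SEVERITY.get(f["level"], 0) >= floor]
```

Running `blocking_findings(summarize_sarif(SAMPLE_SARIF))` on the constructed log returns only the error-level path-injection finding; lowering the threshold to "warning" also picks up the result whose level came from the rule default.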

CodeQL code scanning now supports Swift

Speaking of security, CodeQL code scanning now includes Swift. This means that developers working on applications for Apple platforms can take advantage of code security analysis. This analysis includes the detection of path injection, risky web view fetches, various cryptographic misuses, and other forms of unsafe handling or processing of unfiltered user data.

Centralized control for building PRs from forked GitHub repos

One of the great things about GitHub is the ability to have the community work together on a project and give suggestions. However, this can come with risks, particularly those associated with fork builds. Fork builds carry risk because the code being built comes from outside your organization, and managing public repositories takes a substantial amount of work to maintain security standards. Now there is an organization-level control for defining how pipelines build pull requests from forked GitHub repos. The new setting is called "Limit building pull requests from forked GitHub repositories" and works at both the organization and project levels. Furthermore, for new organizations, pull requests from forked repositories are securely built by default.

Azure Artifacts support for Cargo Crates

Azure Artifacts now offers native support for Cargo crates. Rust developers and teams can now consume, publish, manage, and share their Cargo crates seamlessly, all while using Azure’s robust infrastructure and staying in the familiar Azure DevOps environment. This support is in public preview. You can get started by navigating to your Azure DevOps project, selecting Artifacts, and following the instructions to connect your Rust project to your Azure Artifacts feed.

Workload identity federation in Azure Pipelines

Azure Pipelines now offers workload identity federation in public preview. Workload identity federation uses an industry-standard technology, OpenID Connect (OIDC), to simplify authentication between Azure Pipelines and Azure. Instead of certificates or secrets that must be rotated manually, workload identity federation lets you create an identity with an external identity provider. This identity establishes a trust relationship with protected resources and is able to access them securely. This also eliminates the risk of leaking stored secrets or having credentials expire.

To learn more about these features and learn how they can empower you and your team, contact our experts here at PRAKTIK.