GitHub Secret Protection and Code Security Now Available for Azure DevOps

Laura Jiang introduces the new standalone GitHub Secret Protection and GitHub Code Security products for Azure DevOps, highlighting their features, pricing structure, and steps for implementation within organizations.

GitHub Secret Protection and Code Security for Azure DevOps

Author: Laura Jiang

Following recent changes to GitHub Advanced Security, GitHub is launching standalone security solutions—GitHub Secret Protection and GitHub Code Security—for Azure DevOps. Enterprises now gain the flexibility to choose and enable advanced security measures tailored to their repositories.

GitHub Secret Protection for Azure DevOps

• Pricing: $19 per active committer per month
• Features:
  • Push Protection: Helps prevent secret leaks proactively.
  • Secret Scanning Alerts: Notifies organizations of existing secret exposures before they can be exploited.
  • Security Overview: Offers detailed insights into an organization’s risk posture and security status.

GitHub Code Security for Azure DevOps

• Pricing: $30 per active committer per month
• Features:
  • Dependency Alerts: Detects vulnerabilities within open-source dependencies used by your codebase.
  • CodeQL Scanning: Analyzes code directly to identify potential vulnerabilities.
  • Third-Party Tool Findings: Integrates security findings from third-party security solutions.
  • Security Overview: Summarizes organizational risk and protection status in a unified dashboard.

Getting Started

The rollout for these features will occur during the week of launch. Once enabled in your organization, Azure DevOps administrators can activate Secret Protection and Code Security through Repositories settings at the organization, project, or repository level. Visual guidance is available in the repository settings documentation.

Cost Estimation

To estimate costs, visit the Azure pricing page for Azure DevOps Services. Look for the GitHub Advanced Security section for details on standalone feature pricing.

Migration and Support

For current Advanced Security users, existing services remain unaffected. To transition to the new standalone Secret Protection and Code Security subscriptions, submit a support ticket via the Azure Portal for the GitHub Advanced Security for Azure DevOps service. Specify “Billing migration from bundled to standalone products” and list associated Azure subscriptions to migrate.

Additional Resources

• Learn how to enable Secret Protection and Code Security and see an overview of included features.
• For product feedback, contact the team directly or post on the Developer Community.

Reference Links:

• GitHub Advanced Security on GitHub
• Azure DevOps Blog

This post appeared first on “Microsoft DevBlog”. Read the entire article here