View third-party providers code scan results in Azure DevOps
As we continue our integration with GitHub Advanced Security, we are excited to announce that you can now leverage the publish task (AdvancedSecurity-Publish@1) to import security results from third-party providers into the Advanced Security Code Scanning alerts hub!
Check out the release notes for details.
General
GitHub Advanced Security for Azure DevOps
- Security overview risk view links to repository alerts
- Publish task for integrating with third-party providers
Azure Pipelines
General
Improve search results with wildcard prefixes and substrings
We’re excited to announce our new search feature, which now supports wildcard as prefix and substring searches across code, work items, wiki, and packages. By adding a wildcard at the beginning and end of your search term, you can find all relevant strings that contain your term. For instance, entering "Test" in the search box yields results like "mytestclass","improvecodewithtest", and "test_wikiarticle". This feature rolls out over the next few weeks.
GitHub Advanced Security for Azure DevOps
Security overview risk view links to repository alerts
The security overview risk page now links directly to each repository's individual Advanced Security alerts page. Similar to the coverage page, for a particular repository, hover over the row and click on the icon on the right side of the row to navigate directly to the alerts page.
Publish task for integrating with third-party providers
The AdvancedSecurity-Publish@1 task allows you to easily retrieve results from third-party providers, enhancing the integration with GitHub advanced security for AzureDevOps. These providers can include both open-source and commercial security analysis pipeline tasks that generate results in the conforming SARIF format. By leveraging this, you can now view the results within the Advanced Security Code Scanning alerts hub, providing a unified view of code security alerts from currently supported analysis tools directly within Azure DevOps. This integration supports SARIF 2.1, offering you a comprehensive overview of their security posture.
For detailed instructions on configuring code scanning in GitHub Advanced Security with Azure DevOps, see Set up code scanning.
Azure Pipelines
macOS-14 Sonoma preview and macOS-11 retirement
The macOS-14 image is now available in preview for Azure Pipelines hosted agents. To use this image, update your YAML file to include vmImage:'macos-14':
- job: macOS14
pool:
vmImage: 'macOS-14'
steps:
- bash: |
echo Hello from macOS Sonoma Preview
sw_vers
For macOS-14 installed software, see image configuration.
The macOS-12 image will still be used when specifying macOS-latest. Once macOS-14 is generally available, macOS-latest will migrate directly to macOS-14. The macOS-latest label will skip macOS-13.
The macOS-11 image is deprecated and will be retired June 2024.
Node 10 removed from pipelines-* Agent packages
Our agents support tasks implemented in PowerShell or Node. The agent ships with multiple versions of Node accommodating different task requirements.
As new versions of Node are released, tasks are updated to utilize these newer Node versions. The required runtimes are included with the agent.
However, as older Nodes exit their maintenance window, some Pipelines tasks might still depend on them. Azure DevOps updates supported tasks to a Node version that's still supported, although third-party tasks might require older versions to run.
To manage this, we have two Pipeline agents packages:
| Packages | Node versions | Description |
|---|---|---|
vsts-agent-* |
6, 10, 16, 20 | Includes all Node versions that can be used as task execution handler |
pipelines-agents-* |
16, 20 | Includes only recent Node versions. The goal for these packages is to not include any end-of-life version of Node. |
If you want to run a task that requires the Node 10 execution handler on an agent that doesn't have Node 10 bundled, you can install the execution handler by inserting the NodeTaskRunnerInstaller@0 task in your pipeline:
steps:
- task: NodeTaskRunnerInstaller@0
inputs:
runnerVersion: 10
Next steps
Note
These features will roll out over the next two to three weeks.
Head over to Azure DevOps and take a look.
How to provide feedback
We would love to hear what you think about these features. Use the help menu to report a problem or provide a suggestion.
You can also get advice and your questions answered by the community on Stack Overflow.
Thanks,
Silviu Andrica
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for