Azure DevOps has introduced two features aimed at improving application security management for teams using GitHub Advanced Security for Azure DevOps. The CodeQL default setup lets organizations turn on code scanning across all repositories without writing a pipeline for each one. Alongside it, a combined alerts experience in the Security Overview gives security administrators a single place to review and respond to alerts across the organization.
Previously, enabling CodeQL code scanning meant adding the CodeQL tasks to a pipeline in each repository and keeping those pipelines in sync, which did not scale for organizations with many repositories. The default setup reduces this to a single click: Azure Pipelines runs the CodeQL scans automatically, with no pipeline YAML to author or maintain per repository.
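For comparison, this is the kind of per-repository pipeline the default setup replaces. It is an added illustration, not code from the original page or from Microsoft; the task names are the GitHub Advanced Security for Azure DevOps CodeQL tasks, while the trigger, agent pool, language and query suite are assumptions chosen for this example.

```yaml
# Added illustration (not from the original page): the per-repository
# pipeline that CodeQL scanning required before the default setup.
# Task names are the GitHub Advanced Security for Azure DevOps tasks;
# trigger, pool, language and query suite are assumed for this example.
trigger:
  - main                  # assumed: scan the default branch on every push

pool:
  vmImage: ubuntu-latest  # assumed: hosted agent

steps:
  - task: AdvancedSecurity-Codeql-Init@1
    displayName: Initialize CodeQL
    inputs:
      languages: csharp              # assumed: this repository's language
      querysuite: security-extended  # assumed: broader security query suite

  - task: AdvancedSecurity-Codeql-Autobuild@1
    displayName: Build the code so CodeQL can extract it

  - task: AdvancedSecurity-Codeql-Analyze@1
    displayName: Run CodeQL analysis and publish alerts
```

Every repository needed its own copy of this file, and any change to the query suite or language list had to be rolled out to each copy by hand. The alerts such a pipeline produces on the default branch are what the Security Overview aggregates, so the scanning results are the same whichever way the scan is enabled.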
Unified Alerts Experience: The combined alerts experience answers a frequent request from security administrators for one view of security alerts across all repositories. The alerts tab in the Security Overview aggregates alerts from the default branch of every repository and supports searching, filtering, and sorting from a single interface. Because only default-branch alerts are aggregated, findings on feature branches still surface through the individual repository's scan results rather than in the overview.
Security Campaigns: This feature lets teams build saved, tailored views of alerts based on criteria such as vulnerability type or severity level. Campaigns can be shared with team members so that remediation work is coordinated against the same list. The filters are dynamic: a campaign's view updates as new vulnerabilities are detected, rather than being a fixed snapshot.
Next Steps: Organizations can begin utilizing the CodeQL default setup by enabling it through their repository or organization settings. To access the combined alerts dashboard, administrators should navigate to their Organization Settings and select Security Overview.
These enhancements are part of Azure DevOps' ongoing effort to streamline security workflows and improve the overall security posture of applications. The rollout of these features is expected to occur over the next two to three weeks.