Edit

Share via

Improved GitHub Advanced Security Scanning

  • Article

We're excited to introduce new updates in GitHub Advanced Security for Azure DevOps, featuring commit-less builds for expanded dependency scanning and improved file previews with annotations for CodeQL scans.

Check out the release notes for details.

GitHub Advanced Security for Azure DevOps

Azure Boards:

Azure Repos

Azure Pipelines

Test Plans

GitHub Advanced Security for Azure DevOps

Commit-less builds supported for dependency scanning

Dependency scanning no longer requires a new commit to trigger a results submission. With this update, all builds will submit detected components for vulnerability analysis, whether or not they include commit changes. This enhancement streamlines security workflows and broadens scan coverage.

File previews and annotations for CodeQL scans using sourcesFolder

Now, when using the sourcesFolder variable in CodeQL builds, file previews and annotations display accurately in alerts and pull requests, giving you consistent, reliable visibility into scan results.

Azure Boards

New REST API limit on work item comments

To enhance security, a new limit has been set on the number of comments that can be added to work items through the REST API. Each work item now supports a maximum of 1,000 comments via the API. This restriction applies solely to the REST API, and users can still manually add comments through the web interface, even beyond the 1,000-comment threshold.

Azure Repos

Search pull requests by title on PR listing page

The pull requests listing page now includes a filter by PR title, making it easier to locate specific pull requests.

Screenshot of filtering by PR title.

Azure Pipelines

macOS-15 Sequoia is available in preview

The macOS-15 image is now available in preview for Azure Pipelines hosted agents. To use this image, update your YAML file to include vmImage: 'macOS-15':

- job: macOS15
  pool:
    vmImage: 'macOS-15'
  steps:
  - bash: |
      echo Hello from macOS Sequoia Preview
      sw_vers

For macOS-15 installed software, see image configuration.

The macOS-14 image will still be used when specifying macOS-latest. Once macOS-15 is generally available, macOS-latest migrates directly to macOS-15.

Improvements to service connection App registration attribution

When a service connection targets Azure, it automatically creates an App registration. To find the identity associated with a service connection, you can use the 'Manage App registration' link on the service connection details page. We received feedback that, when browsing App registrations directly in Microsoft Entra ID, it isn't always clear what an App registration is used for.

To improve the attribution experience, we made the following changes:

App registration notes and service management reference

Newly created Azure service connections can now include a service management reference in addition to a description:

Screenshot of service connection creation page.

This information is used to populate App registration metadata that can be found on the Branding & properties blade:

Screenshot of app registration properties.

If a description wasn’t provided during service connection creation, a default note will be added to the App registration.

New naming convention for App registrations in Azure service connections

Previously, service connections were named using the format <azure devops org>-<azure devops project>-<azure subscription id>, making it challenging to distinguish between App registrations linked to the same Azure subscription. To improve clarity, App registration names will now include the service connection ID, following this format: <azure devops org>-<azure devops project>-<service connection id>.

You can find the service connection ID on the service connection details page:

Screenshot of service connection details page.

You can also follow or share the 'Manage App registration' link or 'Manage identity' if a Managed Identity is used.

Test Plans

Azure Test Runner version 1.2.2

Azure Test Plans released a fix in 1.2.2 for a recent issue in Test Plans where Azure Test Runner(ATR) experienced launch failures in Chrome version 130. This issue arose due to Chrome’s added support for non-special scheme URLs, which impacted the ATR user flow. With this update, the regression bug is resolved, and ATR functionality is restored. For more details about this regression bug, visit this issue tracker in Chromium.

We encourage you to use web application for enhanced features. If you find any missing features in web application, we would love to hear from you. Share your feedback with us!

New sorting capabilities in Test Plans directory

The Test Plans directory now offers enhanced sorting options! With this update, you can quickly organize each column alphanumerically, providing a streamlined way to find and access your data.

Gif to demo Sorting in Test Plans Directory.

Auto Pause for Test Case Run preview

Manual testers often encounter challenges with losing progress on test cases if an incomplete run isn’t marked as “Paused” before selecting “Save and Close.” This can result in lost work on complex or lengthy cases, requiring testers to start over. To solve this, we’re introducing Auto Pause for Test Case Run. This feature automatically pauses a test case if there’s a break or interruption, ensuring all data is saved without needing a manual pause. With Auto Pause, testers can easily resume right where they left off, simplifying the testing process and making it more efficient. A preview will be available in the coming weeks—email us if you’d like to join!

New release version for Test and Feedback Extensions (TFE)

We’re thrilled to announce the release of TFE version 1.0.247.0, now available on both Chrome and Edge. Install the latest version for improved functionality, with a fix for Stakeholder Mode, addressing and resolving previous disruptions. Enjoy a smoother, more reliable experience with this latest version!

Next steps

Note

These features will roll out over the next two to three weeks.

Head over to Azure DevOps and take a look.

Go to Azure DevOps

How to provide feedback

We would love to hear what you think about these features. Use the help menu to report a problem or provide a suggestion.

Make a suggestion

You can also get advice and your questions answered by the community on Stack Overflow.

Thanks,

Dan Hellem