Work Item Linking for GitHub Advanced Security Alerts in Azure DevOps Now Available

Laura Jiang announces the general availability of work item linking for GitHub Advanced Security alerts in Azure DevOps, simplifying security tracking and resolution in engineering teams.

Work Item Linking for GitHub Advanced Security Alerts in Azure DevOps Now Available

Author: Laura Jiang

Security vulnerabilities require active management—from tracking and prioritization to actually shipping fixes. Historically, engineers have faced friction handling security alerts alongside everyday sprint work, toggling between separate tabs for vulnerability alerts and project boards.

To address this, GitHub Advanced Security for Azure DevOps now supports work item linking: you can directly associate Azure DevOps board work items with Advanced Security alerts, creating a seamless connection between security findings and actionable engineering tasks.

Problem: Siloed Security and Sprint Planning

• Security alerts live in the Advanced Security hub, while sprint planning remains in DevOps Boards.
• Teams often lose context on alert ownership and struggle with visibility: Who’s responsible for a specific vulnerability? Is it being actively addressed?
• Bridging this gap helps both security and engineering teams stay aligned.

How Work Item Linking Works

• Bidirectional linking: From an alert, add a related work item; from a work item, link it to a security alert.
• UI enhancements: You’ll see which alerts have linked work items directly in the repository’s Advanced Security tab.
• Seamless navigation: Quickly switch between an alert and its corresponding work item for better context and faster action.
• Permissions respected: Only users with proper access can create links between alerts and work items.

Steps to Link

1. Open a security alert in the Advanced Security hub and click “Add” next to the Related Work section.
2. Alternatively, within a work item in Boards, add a link and select Advanced Security Alert as the link type.
3. Once linked, you can jump between the two with a click.

Additional Security Workflow Improvements

• Recent updates include:
  • One-click enablement for dependency scanning
  • Granular project and organization-level enablement settings
• These updates continue to make security workflows more native and robust within Azure DevOps.

Get Started

• Try it: Link work items to Advanced Security alerts
• Learn more: GitHub Advanced Security for Azure DevOps Documentation
• Feedback: Let the team know what you think

This enhancement helps engineering and security teams integrate workflows, reduce context-switching, and increase confidence that every critical security issue is tracked and resolved.

This post appeared first on “Microsoft DevOps Blog”. Read the entire article here