Company
Date Published
Author
Kevin Alwell
Word count
691
Language
English
Hacker News points
None

Summary

GitHub Advanced Security code scanning is no longer limited to GitHub Actions: the CodeQL semantic analysis it relies on can run inside third-party CI systems such as Azure DevOps and report back to GitHub. The post is a step-by-step guide to wiring CodeQL code scanning into an Azure DevOps CI pipeline for a Node.js application, written using the YAML pipeline editor. It walks through downloading and configuring the CodeQL CLI, building a database from the checked-out source, running the analysis, and uploading the resulting SARIF file to the GitHub repository so developers can triage findings under the repository's Security tab. The pipeline setup covers installing the required packages, initializing the CodeQL executable, and running the analysis step. The scan can be extended by adding a configuration file that enables additional query packs or suites. The guide authenticates the upload with a Personal Access Token but suggests a GitHub App as the alternative; a PAT stored as a pipeline secret should be scoped to the minimum needed to write code scanning results. Beyond adding CodeQL coverage to existing Azure DevOps pipelines, the setup gives organizations a low-risk first step toward moving pipeline definitions to native GitHub Actions.
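The pipeline described above, as an added example that is not the post's own code: an Azure DevOps YAML pipeline that downloads a pinned CodeQL bundle, builds a JavaScript database for a Node.js repository, runs the security-extended query suite, and uploads the SARIF to GitHub code scanning. Assumptions not taken from the post: the CodeQL bundle version (`v2.16.3`) and its download URL on the `github/codeql-action` releases page, the query suite name, the SARIF category label, and a secret pipeline variable named `GITHUB_TOKEN` holding a PAT (the post's approach) or a GitHub App installation token (its suggested alternative). `Build.Repository.Name`, `Build.SourceBranch`, and `Build.SourceVersion` are Azure DevOps predefined variables and, for a GitHub-hosted repository, yield the `owner/repo`, `refs/...` ref, and commit SHA that the upload command expects.

```yaml
# Added example, not from the original post.
# Assumes: repo hosted on GitHub; secret pipeline variable GITHUB_TOKEN with
# permission to write code scanning results (PAT or GitHub App token).
trigger:
  - main

pool:
  vmImage: ubuntu-latest

variables:
  CODEQL_VERSION: v2.16.3                     # assumed version; pin it, do not track "latest"
  CODEQL_HOME: $(Pipeline.Workspace)/codeql
  CODEQL_DB: $(Pipeline.Workspace)/codeql-db
  SARIF_OUT: $(Pipeline.Workspace)/results.sarif

steps:
  - checkout: self

  - task: NodeTool@0
    displayName: Install Node.js
    inputs:
      versionSpec: '20.x'

  - script: npm ci
    displayName: Install dependencies

  - bash: |
      set -euo pipefail
      mkdir -p "$(CODEQL_HOME)"
      # Assumed bundle URL pattern on the codeql-action releases page.
      curl -fsSL -o codeql-bundle.tar.gz \
        "https://github.com/github/codeql-action/releases/download/codeql-bundle-${CODEQL_VERSION}/codeql-bundle-linux64.tar.gz"
      tar -xzf codeql-bundle.tar.gz -C "$(CODEQL_HOME)" --strip-components=1
      # Make the codeql executable available to later steps in this job.
      echo "##vso[task.prependpath]$(CODEQL_HOME)"
    displayName: Download and initialize CodeQL

  - bash: |
      set -euo pipefail
      # JavaScript/TypeScript needs no build command; CodeQL extracts the sources directly.
      codeql database create "$(CODEQL_DB)" \
        --language=javascript \
        --source-root="$(Build.SourcesDirectory)"
    displayName: Create CodeQL database

  - bash: |
      set -euo pipefail
      # Assumed suite; swap in a config file or custom pack to widen the query set.
      codeql database analyze "$(CODEQL_DB)" \
        javascript-security-extended.qls \
        --format=sarif-latest \
        --output="$(SARIF_OUT)" \
        --sarif-category=azure-devops-javascript
    displayName: Analyze with CodeQL

  - bash: |
      set -euo pipefail
      # Token is read from stdin so it never appears in the command line or logs.
      printf '%s' "$GH_TOKEN" | codeql github upload-results \
        --sarif="$(SARIF_OUT)" \
        --repository="$(Build.Repository.Name)" \
        --ref="$(Build.SourceBranch)" \
        --commit="$(Build.SourceVersion)" \
        --github-auth-stdin
    displayName: Upload results to GitHub code scanning
    env:
      GH_TOKEN: $(GITHUB_TOKEN)   # secret variables must be mapped explicitly via env
```

Two points worth checking when adapting this: secret pipeline variables are not exposed to scripts unless mapped through `env:` as above, and `--sarif-category` should stay constant per pipeline/language pair so GitHub can replace earlier results for the same commit rather than accumulating duplicates.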