GitHub vs Azure DevOps
Introduction
Recently one of our clients has asked if it might be worthwhile to look into GitHub. They are currently using Azure DevOps and are as far as I understand quite happy with it. So, I drew up a short summary of pro’s and cons about GitHub vs Azure DevOps. The response that I got was very enthusiastic. And because of it I decided to share this information here.
Keep in mind that this is not a full in depth comparison of both products but more of a management summary intended to decide if it would be valuable to look into what GitHub can offer a company that is currently using Azure DevOps.
GitHub vs Azure DevOps
Since the day Microsoft acquired GitHub they have started working towards brining these tools closed to each other. My personal opinion is that in the long run they will be merged and a single tool will remain. This can be seen in Microsoft’s imagery about their product positioning. A good example is the following image used in one of the blogs posts on Microsoft Developer Blogs .
In addition Medium.com has a great article on the same subject where Sasha Rosenbaum (GitHub product manager) is quoted stating that in the end there will be one product. However it will take a long long time.
Please not that the pro’s listed in this chapter are not all applicable to all pricing plans.
Generic pro’s
-
Microsoft’s own (public) source code is published in GitHub.
-
GitHub has a huge and quite active community.
-
GitHub has a far larger and more versatile offer of add-ins on it’s Marketplace.
-
GitHub integrates nearly seamless with Azure DevOps, to the point that its even possible to use Azure DevOps board backlog items directly in GitHub.
-
Like Azure DevOps GitHub also come equipped with Azure integration via Azure Pipelines.
Most notable pro’s
-
GitHub has dependency scanning where you get notifications and automatic pull requests when you have dependency vulnerabilities in third party packages source .
-
GitHub has secret scanning that watches public and private (currently in beta for private repos) repositories for known secret formats and immediately notifies either the secret provider or private repository admins when secrets are found source .
-
GitHub has the ability to find security issues as you code source .
-
GitHub has GitHub Actions, an extensive workflow automation solution with CI/CD incorporated into it. It’s like CI/CD on steroids.
-
GitHub has GitHubPages which is a feature to host and generate static HTML web pages from markdown documentation that is hosted inside your GitHub repositories.
Cons
-
In’s unclear where GitHub stores the data geographically (although I did not reach out to GitHub to ask this directly), this could be an issue for some organizations from a compliance perspective.
-
Native backlog features of GitHub are ok for a small/simple project but are lacking functionality for Scrum based team. This can be solved by purchasing a more advanced 3rd party solution from GitHubs marketplace.
-
Single sign-on & automatic user provisioning features are only available as part of the Enterprise plan while Azure DevOps fully integrates with Azure Active Directory with a couple of simple clicks even in the “free” version.
Final mention
The security features mentioned as part of the pro’s are only available as part of the Enterprise plan. Azure DevOps also has a set of security features available as part of the Microsoft Security Code Analysis product . However these must be purchased separately via a Microsoft partner. Since this is not an in depth comparison I did not take the time to compare the security features. Perhaps I might do so in a separate blog post.
Conclusion
I love the way GitHub has been able to position itself, it’s well know within the technical community and as an open source hosting platform while at the same time offering Enterprise grade solutions for the Enterprise market. Integration with Azure DevOps is done really well. Combining best from both products, allowing companies to use portfolio management over multiple projects and supporting Scrum like development within those project via Azure Boards and utilizing the security tools and workflow automation as offered by GitHub at the same time. And because of the way licensing works within Azure DevOps there is near to no overlap in licensing cost when these products are used side by side.
As noted in the cons it would be great to see information about the geographical location as part GitHub’s product pages. I do think its a shame that Single sign-on feature is not available as par of the Team pricing offer. In the world of Cloud Identity is a key feature for security and its a shame its reserved for Enterprise as better security benefits us all.