Integrate Azure DevOps with BoostSecurity¶
BoostSecurity lets you connect your Azure DevOps projects to enable security checks on your repositories, including CI/CD supply chain security checks.
Prerequisites¶
Before you begin, make sure you have:
- Created a Personal Access Token (PAT) on your Azure with certain permissions.
- Installed the Azure DevOps BoostSecurity Scanner marketplace application.
- Created a non-empty
boostrepo in the organization where you installed the BoostSecurity marketplace application.
To create a PAT with the correct permissions,
-
Go to your User Settings and navigate to your Personal Access Tokens.
- In the top right corner, next to your user icon, expand the user settings contextual menu.
- Open the personal access token setting by click on the corresponding menu item.
-
Create a new personal access token as follows:
- Set the expiration for the token. It is recommended to set it to the longest period according to your organization guidance.
- Under the “Organization” input field either select all the organizations or a single organization for which you want to set boost.
- In scope select the "custom defined" option, expand to show allow scopes and set the required permissions.
- Click on Create to create your new PAT.
Permissions¶
This Integration and Zero Touch Provisioning will use the following permissions:
| Scope Group | Permissions |
|---|---|
| Agent Pools | Read |
| Analytics | Read |
| Build | Read & Execute |
| Code | Read and WriteStatus |
| Extensions | Read & Manage |
| Pipeline Resources | Use & Manage |
| Project & Team | Read |
| Pull Request Threads | Read & Write |
| Variable Groups | ReadCreate & Manage |
1. Connect Azure DevOps to BoostSecurity¶
To install the BoostSecurity integration for Azure:
- Go to the
Integrations page. - Select the Azure DevOps integration from the
Availablesection. -
Click Install: A window will appear, prompting you to provide the Organization name and Personal Access Token for Azure, then click Next.
Note
If the Personal Access Token is set to expire, the BoostSecurity Azure DevOps integration will need to be updated with a new token once the original one expires.
-
Choose the Project in Azure from the drop-down menu.
-
Click Complete to save.
Once the installation is complete, the BoostSecurity Azure card is added to the Settings > Integrations > Installed section. At this point, BoostSecurity integration is enabled for your Azure project. You can repeat these steps to allow integration with additional Azure projects.
2. Enable Default Scanner Protection¶
After successfully integrating your Azure DevOps organization, enabling the BoostSecurity scanner is recommended.
To do this:
-
Go to the Scanner Coverage page and select the Default Scanner Protection column for your ADO integration.
-
Toggle SAST, SBOM, SCA, or Secrets to enable the BoostSecurity Scanner default protection on your ADO resource.
