Skip to content

Integrate Azure DevOps with BoostSecurity

BoostSecurity lets you to connect your Azure DevOps projects to enable security checks on your repositories, including CI/CD supply chain security checks.

Prerequisites

Before you begin, make sure you have:

  • Created a Personal Access Token (PAT) on your Azure with certain permissions.

To create a PAT with the correct permissions,

  • Go to your Azure organization settings and navigate to your Personal Access Tokens.
  • Create a new PAT.

  • Click on the "Show all scopes" to show scopes on Azure.

    Scopes

  • After selecting the required permissions, click on Create to create your new PAT.

Permissions

This integration will use the following permissions:

  • Read access - Project and Team: Read the organization projects and team.
  • Read access - Code: Source code, repositories, pull requests, and notifications.
  • Read access - Agent Pools: Needed to get the list of Agent pools.
  • Read access - Analytics: read data from the analytics service.
  • Read & Write access - Pull Request Threads: Read and write to pull request comment threads.
  • Status access - Code: Source code, repositories, pull requests, and notifications.

1. Connect Azure DevOps to BoostSecurity

To install the BoostSecurity integration for Azure:

  1. Navigate to the Integrations page.

  2. Select the Azure DevOps Account integration from the Available section.

    Azure DevOps Account

  3. Select Install: A window pops up, directing you to provide the Personal Access Token and Integration Name for Azure and select Install.

    Please note that the token needs to have access to all the organizations.

    Installation

  4. Select Install to save.

Once the installation is completed, the BoostSecurity Azure DevOps Account card is added to the Settings > Integrations > Installed section.

Next Steps

It is recommended to enable default scanner protection for your Azure organization.