How to install Zero Touch Provisioning for Azure DevOps¶
Zero Touch Provisioning (ZTP) for Azure DevOps (ADO) enables the security check workflows to be executed from the .boost
repository in the ADO organization. To install ZTP for Azure DevOps, follow the steps below:
- Create a repo called
boost
, which has to not be empty. I.e., you can include a.README
file. - Update the Person Access Token (PAT) you created to install BoostSecurity to also include the following.
- Build: Read & execute
- Code: Read, Status
- Navigate to the Integrations page and select the Azure DevOps integration from the
Available
section. - Select Install, and you will be directed to authorize access to Azure DevOps for your organization.
- Select the appropriate organization for which you want to authorize the BoostSecurity App.
- Select Grant access.
- Proceed to the Integrations page again and select "Zero Touch Provisioning For Azure DevOps" and go ahead to install ZTP for ADO for your organization.
-
Next, navigate to the Provisioning page and select at least one repository you'll be installing ZTP on.
Note: Do not install ZTP on the
boost
repository. -
Click on "Provision 1 Repository" in the top-right corner of the page.
- Select "Zero Touch Provisioning" and click the "Next" button.
- Select the scanners to provision for the repo. BoostSecurity Scanner and Semgrep are often good scanners to start with.
- Select "Azure DevOps Pipelines" and click on "Complete".
- To authorize this action, click "Grant access" in front of the chosen repository.
- Navigate to your project's
boost
repo on Azure DevOps, merge the Pull Request fromYOUR-ORGANIZATION/boostsecurity-ci-provisioning
, and then delete the branch.
And that's it!! You've successfully installed ZTP on your organization's repo. You can then navigate to Scans to check you can if you can see the scan after a few minutes or if you see the pipeline running immediately.