Skip to content

How to install Zero Touch Provisioning for Azure DevOps

Zero Touch Provisioning (ZTP) for Azure DevOps (ADO) enables the security check workflows to be executed from the .boost repository in the ADO organization. To install ZTP for Azure DevOps, follow the steps below:

  1. Create a repo called boost, which has to not be empty. I.e., you can include a .README file.
  2. Update the Person Access Token (PAT) you created to install BoostSecurity to also include the following.
    • Build: Read & execute
    • Code: Read, Status
  3. Navigate to the Integrations page and select the Azure DevOps integration from the Available section.
  4. Select Install, and you will be directed to authorize access to Azure DevOps for your organization.
  5. Select the appropriate organization for which you want to authorize the BoostSecurity App.
  6. Select Grant access.
  7. Proceed to the Integrations page again and select "Zero Touch Provisioning For Azure DevOps" and go ahead to install ZTP for ADO for your organization.

  8. Next, navigate to the Provisioning page and select at least one repository you'll be installing ZTP on.

    Note: Do not install ZTP on the boost repository.

  9. Click on "Provision 1 Repository" in the top-right corner of the page.

  10. Select "Zero Touch Provisioning" and click the "Next" button.
  11. Select the scanners to provision for the repo. BoostSecurity Scanner and Semgrep are often good scanners to start with.
  12. Select "Azure DevOps Pipelines" and click on "Complete".
  13. To authorize this action, click "Grant access" in front of the chosen repository.
  14. Navigate to your project's boost repo on Azure DevOps, merge the Pull Request from YOUR-ORGANIZATION/boostsecurity-ci-provisioning, and then delete the branch.

And that's it!! You've successfully installed ZTP on your organization's repo. You can then navigate to Scans to check you can if you can see the scan after a few minutes or if you see the pipeline running immediately.