Skip to main content

Azure DevOps

Source code stored in GitHub can be scanned for risks. To configure this, please follow the steps below.

  1. Click the Integrations button

Vulnerabilities Compliance dashboard showing integrations button

  1. Click on Azure DevOps.

Vulnerabilities Compliance dashboard showing un-configured GitHib integration

  1. Due to limitations in Azure DevOps, we are unable to make use of OAuth or an Azure Market Place App. Configure a Personal Access Token (PAT) to setup this integration. Please see Microsoft's Use personal access tokens for how to generate a token. The token should be scoped to the code: read permission.

  2. Please also specify the name of the organisation the PAT was generated for as appears in your organisation settings (see organisations in Azure DevOps).

  3. Click Configure Azure DevOps. You'll then be re-directed back to the dashboard and your Azure DevOps repositories will be scanned.