SUPPORT

24/5 Hotline Support Service

+44 (0)20 3588 3841

Open a Support Ticket

support@netsparker.com

Integrating Netsparker Enterprise with Azure DevOps

Microsoft Azure is a cloud computing service that offers Azure DevOps, an issue tracking system, as a software as a service. Its purpose is to help businesses build, deploy and manage web applications. Part of this web application management includes the ability to track work, issues and code.

This topic explains how to configure Netsparker Enterprise to send a detected vulnerability to Azure DevOps (including using the wizard).

For further information, see What Systems Does Netsparker Integrate With?.

Azure DevOps Fields

This table lists and explains the Azure DevOps Fields in the New Azure DevOps Integration window.

Button/Section/Field

Description

Name

This is the name of the configuration that will be shown elsewhere.

Mandatory

This section contains fields that must be completed.

Project URI

This is the Azure DevOps project web address.

Username

This is the name of the user. If you are using a personal access token (see below), leave this field blank.

Password or Access Token

This is the password or the access token for the user. If the password is entered, you need to provide the username too. (You can generate an access token by navigating to Azure DevOps Services, and selecting Security on your Profile context menu, then Personal Access Tokens.)

Title Format

This is the strong format that is used to create the vulnerability title.

Optional

This section contains options fields.

Domain

This is the domain of the user.

Work Item Type Name

This is the type of the work item (bug, task).

Assigned To

This is the user to whom the issue is assigned.

Tags

These are the work item tags, separated by a semicolon (;).

Custom Fields

This section contains user-defined custom fields.

New Custom Field

Click to create a new custom field.

Name

Enter a name for the the new custom field identifier.

Value

Enter a value for the new custom field.

Dropdown

Click the dropdown to change the input type. The options are:

  • Text
  • Password
  • Textarea
  • File upload

Create Sample Issue

Once all relevant fields have been configured, click to create a sample issue.

How to Integrate Netsparker Enterprise with Azure DevOps

  1. Log in to Netsparker Enterprise.
  2. From the main menu, click Integrations, then New Integration.

  1. From the Issue Tracking Systems section, click Azure DevOps.

  1. In the Name field, enter a name for the integration.
  2. In the Mandatory section, complete the connection details:
    • Project URI
    • Username
    • Password or Access Token
    • Title Format        
  3. Open Azure DevOps.
  4. From the upper right menu, click the ellipsis, and then click User Settings. The current Personal Access Tokens are displayed. (Or you can create a new Personal Access Token by clicking New Token.)

  1. Copy the Token value from Azure DevOps (you will need it in the next step).
  2. In Netsparker Enterprise, paste it into the Password or Access Token field.
  3. Click Create Sample Issue to confirm that Netsparker Enterprise can connect to the configured system. A confirmation message is displayed to confirm that the sample issue has been successfully created.

  1. In the confirmation message, click the Issue number link to open the issue in your default browser.
  2. If the Azure DevOps integration is not configured correctly, Netsparker Enterprise will correctly route the following descriptive error messages to you. Sample error messages may be displayed as illustrated:
    • If any information is entered incorrectly

How to Export Reported Vulnerabilities to Projects in Azure DevOps

There are several ways to send issues to Azure DevOps with Netsparker Enterprise:

  • Once notifications have been configured, you can configure Netsparker Enterprise to automatically send vulnerabilities to Azure DevOps after scanning has been completed (see How to Configure a Notification to Report Vulnerabilities to an Issue Tracking System).
    • You can send one or more issues from the Issues window:
    • You must have Manage Issue permission.
    • From the main menu, select Issues, then All Issues. The Issues window is displayed.
    • Select one or more issues you want to send.
    • Click Send To, then Azure DevOps

    • A popup is displayed, with a link to the issue you have sent to Azure DevOps. If there is an error, this information will be displayed instead.

  • You can also send an issue from the Recent Scans window:
    • From the main menu, click Scans, the Recent Scans.
    • Next to the relevant scan, click Report. The report is displayed.

    • Scrolls down to the Technical Report section.
    • From the list of detected vulnerabilities, click to select an issue and display its details.

    • Click Send To, then Azure DevOps

    • If you have previously submitted this vulnerability to Azure DevOps, it will already be accessible. You cannot submit the same issue twice.
  • If you view opened problem logs in Azure DevOps, they look like this.

  • Work item details on Azure DevOps look like this.

Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

GET A DEMO