SUPPORT

Contact Support

OPEN A TICKET

Integrating Netsparker Enterprise with Azure Pipelines

Azure DevOps is a web-based DevOps manager that provides CI/CD pipeline features called Azure Pipelines.

You can integrate Netsparker Enterprise with Azure Pipelines using cURL or PowerShell scripts generated by our Integration Script Generator, in order to enable our advanced integration functionality.

Opted for using the Netsparker Enterprise Extension for Azure Pipelines? Then, from the Netsparker Enterprise main menu, go to Integrations > New Integration > Azure Pipelines. And, select View Extension in the Use Extension section.

For further information about installation and configuration, see Netsparker Enterprise Extension.

Azure Pipelines Logo

For further information, see What Systems Does Netsparker Integrate With?.

Azure Pipelines Fields

This table lists and explains the Azure Pipelines fields in the New Azure Pipelines Integration window.

Button/Section/Field

Description

Scan Type

This is the type of scan:

  • Incremental
  • Full (With primary profile)
  • Full (With selected profile)

For further information, see Types of Scans.

Website

Click to select the URL of the website that will be scanned.

Scan Profile

Click to select the Scan Profile that will be used. (If you selected Full (With primary profile) as the Scan Type, this is not displayed.)

cURL / PowerShell

Add the information in this script to the corresponding fields in the config.yml file in your project. Use variables for Netsparker Enterprise and API credentials.

Generating and Using Netsparker Enterprise’s Azure Integration Scripts

Netsparker Enterprise uses cURL and PowerShell command-line tools to integrate with Azure Pipelines. In order to integrate with Netsparker Enterprise, the Pipeline agent’s execution environment must support cURL or PowerShell.

These instructions are based on PowerShell, but the same can be applied for cURL.

How to Generate Netsparker Enterprise's Azure Pipelines Integration Scripts

  1. Log in to Netsparker Enterprise.
  2. From the main menu, go to Integrations New Integration >  Azure Pipelines

  1. From the Integration Script Generator section, select the relevant Scan Settings:
    • From the Scan Type field, select an option
    • From the Website drop-down, select a website
    • From the Scan Profile drop-down, select a scan profile (this is not displayed if you select Full with Primary Profile as the Scan Type)
    • Enable the Stop the scan if the Build fails, if required
    • Enable the Fail the Build if one of the selected scan severity is detected, if required
    • Enable the Fail the Build if one of the selected scan severity is detected
    • Enable the Fail the Build if one of the selected scan severity is detected, if required (For further information, see Using Build Fail in Azure Pipelines Project.)
  1. In the PowerShell field, click Copy to copy the PowerShell script. You will then paste this into the file described in How to Use Netsparker Enterprise’s Azure Pipeline Integration Script Step 6.

How to Use Netsparker Enterprise's Azure Pipeline Integration Script

  1. Log in to your Azure DevOps account.
  2. Navigate to your Azure DevOps Project window.
  3. Go to Pipelines > Select a Pipeline Edit.
  4. Add PowerShell Task to the pipeline.
  5. Add the PowerShell script copied from the Integration Script Generator. (See How to Generate Netsparker Enterprise’s Azure Pipelines Integration Scripts.)
  6. Select Variables. Add your Netsparker Enterprise API credentials as USERID and APITOKEN variables.
  7. From the Save & Queue drop-down, select Save.

Using Build Fail in Azure Pipelines Project

It is possible to configure a failure in the Azure Pipelines build to stop the scan when a vulnerability severity is detected.

The build fail parameters operate in the AND logic. To fail a build, all selected parameters have to be met. For instance, if you select Critical from the severity drop-down and select the Confirmed checkbox, the build fails only if these two conditions are met.

This can be configured using the Severity, Confirmed, False Positive, and Accepted Risk parameters.

  1. Scan Severity: With this option, you choose which severity will fail this build when found in a related scan. If you choose “DoNotFail”, the detected vulnerability does not affect your Azure build.

The options for Scan Severity are:

  • DoNotFail
  • Critical
  • High or above
  • Medium or above
  • Low or above
  • Best Practice or above
  1. Confirmed: With this option, you choose to fail this build when a vulnerability found in a related scan is confirmed.

For example, if you choose the Medium or above option from the Scan Severity drop-down and select the Is Confirmed checkbox, the build fails only if the vulnerability has medium or higher severity and that vulnerability is confirmed. Otherwise, the build continues.

  1. False Positive: With this option, you choose not to fail this Azure build when the scan identifies a vulnerability set as a False Positive.

For example, if you choose the Medium or above option from the Scan Severity drop-down and select the False Positive checkbox, the build will not fail if the vulnerability has medium or higher severity and that vulnerability is false positive. Otherwise, the build fails.

  1. Accepted Risk: With this option, you choose not to fail this Azure build when the scan identifies a vulnerability set as an Accepted Risk.

For example, if you choose the Medium or above option from the Scan Severity drop-down and select the Accepted Risk checkbox, the build will not fail if the vulnerability has medium or higher severity and that vulnerability is accepted risk. Otherwise, the build fails.

Netsparker

Highly accurate, fast & easy-to-use Web Application Security Scanner

Get a demo