SUPPORT

24/5 Hotline Support Service

+44 (0)20 3588 3841

Open a Support Ticket

support@netsparker.com

Integrating Netsparker Standard with Azure DevOps

Microsoft Azure is a cloud computing service that offers Azure DevOps, an issue tracking system, as a software as a service. Its purpose is to help businesses build, deploy and manage web applications. Part of this web application management includes the ability to track work, issues and code.

This topic explains how to configure Netsparker Standard to send a detected vulnerability to Azure DevOps.

For further information, see Configuring the User Interface for Custom Send To Actions in Netsparker Standard and Configuring Auto Send To Actions in Netsparker Standard and What Systems Does Netsparker Integrate With?.

Azure DevOps Fields

This table lists and explains the Azure DevOps fields in the Send to Actions tab.

Field

Description

Add

This is the dropdown to add an integration.

Delete

This is a button to delete an integration that has already been selected.

Create Sample Issue

This is a button to create sample issue to test the configuration.

Action

This is a field about the configuration action.

Display Name

This is the name of the configuration that will be shown on menus.

Mandatory

These fields must be completed.

Project URL

This is the TFS project web address.

Username

This is the name of the user.

If you are using a personal access token (see below), leave this field blank.

Password or Token

This is the password of the user or the personal access token.

Vulnerability

These are fields about vulnerability details.

Body Template

This is the template file that is used when rendering issue contents.

Title Format

This is the string used when formatting a vulnerability title.

Optional

These are optional fields.

Domain

This is the domain of the user.

Work Item Type

This is the type of the work item.

Assigned To

This is the user name to whom to assign issues.

Tags

These are the work item tags, separated by a semicolon (;).

Custom Fields

These are the custom fields that are defined for the project.

How to Integrate Netsparker Standard with Azure DevOps

  1. Open Netsparker Standard.
  2. From the Home tab on the ribbon, click Options. The Options dialog is displayed.
  3. Click Send To Actions.

  1. From the Add dropdown, select Azure DevOps.

The Azure DevOps fields are displayed.

  1. In the Mandatory, complete the connection details:
    • Project URL
    • Username
    • Password or Token
If you use a personal access Token, keep the Username field empty. If you have alternate credentials, fill in the Username and Password fields.

To learn how to create a Token, read Authenticate access with personal access tokens.

  1. In the Vulnerability section, complete Body Template and Title Format.
Body templates are stored in %userprofile%\Documents\Netsparker\Resources\Send To Templates. If you use your own custom templates, store them in this location.
  1. In the Optional section, complete the following fields:
    • Domain
    • Work Item Type
    • Assigned To
    • Tags
    • Custom fields
To learn about the Work Item Type field , read Add and manage work item types. To learn about Custom fields, read Add and manage fields for an inherited process.
  1. Click Create Sample Issue to confirm that Netsparker Standard can connect to the configured system and create a sample issue. The Send To Action Test dialog is displayed to show if the sample issue is successfully created.

  1. In the Send To Action dialog, click the Issue number link to open the issue in default browser.

How to Export Reported Vulnerabilities to Projects in Azure DevOps

  1. Open Netsparker Standard.
  2. Load the required scan.
  3. In the Issues panel, right click on the vulnerability you want to export to Azure DevOps and select Send to Azure DevOps. (Alternatively, in the Vulnerability tab in the ribbon, click Send to Azure DevOps.)

  1. Click the Azure DevOps Send to Action is executed for the selected vulnerability link to see the created issue in Azure DevOps.

  1. The vulnerability is now automatically exported to Azure DevOps. You can view it in the Azure DevOps Work Items tab.

Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

GET A DEMO