SUPPORT

Contact Support

OPEN A TICKET

Integrating Netsparker Standard with Azure DevOps

Microsoft Azure is a cloud computing service that offers Azure DevOps that covers the entire application lifecycle and enables DevOps capabilities. Its purpose is to help businesses build, deploy and manage web applications. Part of this web application management includes the ability to track work, issues and code.

This topic explains how to configure Netsparker Standard to send a detected vulnerability to Azure DevOps (including using the wizard).

For further information, see Configuring the User Interface for Custom Send To Actions in Netsparker Standard and Configuring Auto Send To Actions in Netsparker Standard and What Systems Does Netsparker Integrate With?.

Azure DevOps Fields

This table lists and explains the Azure DevOps fields in the Send to Actions tab.

Field

Description

Add

Click to add an integration.

Delete

Click to delete the integration and clear all fields.

Configure Send To

Click to configure the integration using the Settings Wizard instead of doing it manually.

Create Sample Issue

Once all relevant fields have been configured, click to create a sample issue.

Action

This section contains general fields about the Send to Action.

Display Name

This is the name of the configuration that will be shown in menus.

Mandatory

This section contains fields that must be completed.

Project URL

This is the TFS project web address.

Username

This is the name of the user. If you are using a personal access token (see below), leave this field blank.

Password or Token

This is the password of the user or the personal access token.

Vulnerability

This section contains fields with vulnerability details.

Body Template

This is the template file that is used to create description fields.

Title Format

This is the string format that is used to create the vulnerability title.

Optional

This section contains optional fields.

Domain

This is the domain of the user.

Work Item Type

This is the type of the work item. (Default value: Task)

Assigned To

This is the user to whom the issue is assigned.

Tags

These are the work item tags, separated by a semicolon (;).

Custom Fields

These are the custom fields that are defined for the project.

How to Integrate Netsparker Standard with Azure DevOps
  1. Open Netsparker Standard.
  2. From the Home tab on the ribbon, click Options.

The Options dialog is displayed.

  1. Click Send To Actions.

  1. From the Add dropdown, select Azure DevOps.

The Azure DevOps fields are displayed.

  1. In the Mandatory section, complete the connection details:
  • Project URL
  • Username
  • Password or Token

If you use a personal access Token, keep the Username field empty. If you have alternative credentials, fill in the Username and Password fields.

To learn how to create a Token, read Authenticate access with personal access tokens.

  1. In the Vulnerability section, you can specify the Body Template and Title Format.

Body templates are stored in %userprofile%\Documents\Netsparker\Resources\Send To Templates. If you use your own custom templates, store them in this location.

  1. In the Optional section, you can specify:
  • Domain
  • Work Item Type
  • Assigned To
  • Tags
  • Custom fields

To learn about the Work Item Type field , read Add and manage work item types. To learn about Custom fields, read Add and manage fields for an inherited process.

  1. To set custom field values, in the Custom Fields field, click the ellipsis button.
  2. In the Edit Custom Field Value field, enter the relevant value.

  1. Click OK.
How to Integrate Netsparker Standard with Azure DevOps Using the Wizard

Instead of configuring the settings manually, the configuration wizard can help you with the settings.

  1. Click Configure Send To to launch the wizard. The Send To Configuration dialog is displayed.

  1. Click Next. The Authentication step is displayed.

  1. Complete the Project URL and Personal Access Token (or Username and Password), and click Test Credentials.
  2. When the confirmation message, Your credentials are confirmed, is displayed, click Next. The Project step is displayed.

  1. Select a project, and click Next. The Work Item Type step is displayed.

  1. Select a work item type, and click Next. The Assignee step is displayed.

  1. If required, select an assignee, and click Next. The Tags step is displayed.

  1. If required, enter the tags, and click Next. The Summary step is displayed.

  1. Review your settings, and click Finish. The Settings are applied automatically. You are returned to the Send To Actions fields.
How to Test Configuration and Create Sample Issue in Azure DevOps
  1. Configure fields manually or using wizard.

  1. Click Create Sample Issue to confirm that Netsparker Standard can connect to the configured system. The Send To Action Test dialog is displayed.

  1. In the Send To Action Test dialog, click the Issue number link to open the issue in Azure DevOps in the default browser.
  2. Click OK or Apply to save Azure DevOps configuration.
How to Export Reported Vulnerabilities to Projects in Azure DevOps
Please ensure that you have first configured Azure DevOps integration. See How to Integrate Netsparker Standard with Azure DevOps.
  1. Open Netsparker Standard.
  2. From the ribbon, select the File tab. Local Scans are displayed. Double-click the relevant scan to display its results.

  1. In the Issues panel, right click on the vulnerability you want to export and select Send to Azure DevOps. (Alternatively, from the ribbon, click the Vulnerability tab, then Send to Azure DevOps.) A confirmation message and link is displayed at the bottom of the screen.

  1. Click the Azure DevOps Send to Action is executed for the selected vulnerability. link to see the newly-created issue in Azure DevOps.
  2. The vulnerability is automatically exported to Azure DevOps. You can view it in Azure DevOps' Work Items tab.

Netsparker

Highly accurate, fast & easy-to-use Web Application Security Scanner

GET A DEMO