Integrate with Azure DevOps Peer Reviewer Assistant

Integrate with Azure DevOps Peer Reviewer Assistant

Steps to configure the Azure Peer Reviewer Assistant integration

This guide outlines the generalized steps for configuring the Azure Peer Reviewer Assistant integration within the Fluid Attacks platform. This integration enables an automatic peer reviewer to analyze Pull Requests (PRs) in Azure DevOps and add comments regarding security findings.

1. Initiate the integration within the Fluid Attacks platform

  1. Navigate to the Integrations section on the Fluid Attacks platform dashboard.
  2. Scroll down to locate the Azure Peer Reviewer Assistant card.
  3. Click the Use integration button on the card.

2. Connect the integration to an organization group

  1. A window titled "Choose the Group you want to connect to Azure DevOps Peer Reviewer Assistant integration" will appear.
  2. Select the specific group within your organization that contains the repositories you wish to scan.
  3. Click the Connect button next to your selected group.

3. Authorize the Azure connection

  1. The authorization dialog "Connect to Gitlab Peer Reviewer Assistant" will open.
  2. Click the Authorize button.
  3. You will be redirected to the Microsoft account selection page.
  4. Select the Microsoft account that possesses the necessary access rights to the target Azure DevOps organization.

4. Configure integration details

  1. Upon successful authentication, the "Configure integration" dialog will reappear in the Fluid Attacks platform.
  2. Azure DevOps organization: Select or enter the name of your Azure DevOps organization.
  3. Azure DevOps project: Select the specific Azure DevOps project within the organization.
  4. Azure DevOps repository: Select the Azure DevOps repository where the Peer Reviewer Assistant will analyze PRs.
  5. Click the Update button to save the configuration.
  6. Confirmation: A success message, such as "Success! You updated the integration set," will confirm that the setup is complete.

Integration management and verification

Manage the connected integration

  1. Return to the Azure Peer Reviewer Assistant card and click Edit (or the corresponding management button) for the connected group.
  2. The "Manage Azure Peer Reviewer Assistant Integrations" window will display the connected repository and its details.
  3. From this screen, you can edit the configuration, disconnect the integration, or add a new integration for other repositories within the same group.
  4. Click Close to exit the management window.

Azure DevOps service hook verification (optional)

The integration automatically creates a Service Hook in your selected Azure DevOps repository. This hook is designed to activate the Peer Reviewer Assistant automatically upon a "Pull request updated" event, ensuring continuous security analysis when changes are made to a PR.
IdeaIntegrating with GitLab instead? Read the guide!