Set up the Azure DevOps integration | Fluid Attacks Help

Set up the Azure DevOps integration

Follow these steps to set up Fluid Attacks' integration with Azure DevOps:
  1. Go to your Azure DevOps Organization Settings and ensure it allows third-party application access via OAuth.
  2. Turn on third-party app access on Azure DevOps to integrate with Fluid Attacks

  3. Azure allows you to configure certain issue templates with custom fields, some being mandatory. Since the integration is generic, you need to access your project, go to Project Settings and, in Permissions, ensure you have the option Bypass rules on work item updates set to Allow for the integration to function correctly.
  4. Allow Bypass rules on work item updates on Azure to integrate with Fluid Attacks
    Note on duplicate issues
    Note: To avoid creating duplicate issues, the integration first checks if there is an existing issue with the same title as the type of vulnerability. If it finds a match, it will use it as the parent issue and create only the associated "Tasks" for each individual vulnerability of the type in question.
  5. On Fluid Attacks' platform, access the Integrations section from the collapsible sidebar.
    Access the Integrations section on the Fluid Attacks platform

  6. Click Use integration in the Azure DevOps card. If your organization has set up this integration before, the card does not show that button, and you have to click the available gear icon (Configure integrations on the Fluid Attacks platform) instead.
    Use the Azure DevOps integration with the Fluid Attacks platform

  7. Click the Connect button corresponding to the group for which you desire the integration.
    Choose the group to integrate with Azure on the Fluid Attacks platform

  8. Advice on managing preexisting Azure integrations
    If instead you wish to modify details (e.g., organization, project, creating issues automatically for reported vulnerabilities) of an existing connection, you can click on the Edit button available next to the group name, make the necessary changes and click Update to finish setting up the integration.
  9. Click on Authorize to connect your group to the Azure DevOps account.
    Authorize connection of your group on the Fluid Attacks platform to the Azure account

  10. Read the permissions you give Fluid Attacks with this integration and click the Accept button to agree to them.
    Give Fluid Attacks permission to integrate the platform with Azure

  11. Once redirected to the platform, enter your Azure DevOps organization and project names.
    Provide Azure organization and project names on the Fluid Attacks platform
    Note on creating issues for vulnerabilitiesNote: Issues are created for vulnerabilities reported after setting up the integration with this feature enabled and not for those reported before.
  12. Click the Update button and you will be all set.
To see the automatically created issues on Azure DevOps, access you project and select Boards and then Work items from the left-side menu.

See work items from vulnerabilities via the Fluid Attacks Azure integration

Inside the issue, you can see the Location and Specific details of reported vulnerabilities of the type in question, among other relevant information.

See issue from vulnerability via the Fluid Attacks Azure integration

On Fluid Attacks' platform, to show you where you are using this integration across your groups, the Azure DevOps card displays how many of the groups you have access to have the integration configured.

Configure Azure DevOps integration on the Fluid Attacks platform
Free trial message
Free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.