
Integrate Azure DevOps with BoostSecurity


BoostSecurity lets you connect your Azure DevOps projects to enable security checks on your repositories, including CI/CD supply chain security checks.


Prerequisites


Before you begin, make sure you have:

To create a PAT with the correct permissions:

  • Go to your Azure organization settings and navigate to your Personal Access Tokens.
  • Create a new PAT.
  • Ensure “All Accessible organizations” is selected under the “Organization” input field.
  • After selecting the required permissions, click on Create to create your new PAT.

Permissions


This integration and Zero Touch Provisioning use the following permissions:

  • Agent Pools: Read
  • Analytics: Read
  • Code
    • Read and Write
    • Status
  • Project & Team: Read
  • Pull Request Threads: Read & Write
  • Variable Groups: Read, Create & Manage
  • Build: Read & Execute
  • Extensions: Read & Manage
  • Pipeline Resources: Use & Manage
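
To confirm that a PAT carries this list and nothing broader, the following added example (not BoostSecurity's code) audits one PAT record. The `vso.*` identifiers are this example's mapping of the UI labels above, and the `scope` and `targetAccounts` field names assume the shape of an Azure DevOps PAT listing entry; confirm both against Microsoft's documentation.

```python
import json

# Scope identifiers are this example's mapping of the UI labels listed above
# (an assumption; confirm against Microsoft's Azure DevOps scope reference).
REQUIRED = {
    "vso.agentpools": "Agent Pools: Read",
    "vso.analytics": "Analytics: Read",
    "vso.code_write": "Code: Read and Write",
    "vso.code_status": "Code: Status",
    "vso.project": "Project & Team: Read",
    "vso.threads_full": "Pull Request Threads: Read & Write",
    "vso.variablegroups_manage": "Variable Groups: Read, Create & Manage",
    "vso.build_execute": "Build: Read & Execute",
    "vso.extension_manage": "Extensions: Read & Manage",
    "vso.pipelineresources_manage": "Pipeline Resources: Use & Manage",
}
# Broader scopes that include a required one (assumed inheritance).
BROADER = {
    "vso.agentpools": {"vso.agentpools_manage"},
    "vso.code_write": {"vso.code_manage", "vso.code_full"},
    "vso.project": {"vso.project_write", "vso.project_manage"},
}

def audit_pat(record):
    """Compare one PAT record with the permission list on this page."""
    granted = set((record.get("scope") or "").split())
    full_access = "app_token" in granted  # assumed marker of a full-access PAT
    missing = [] if full_access else sorted(
        label for scope, label in REQUIRED.items()
        if scope not in granted and not (BROADER.get(scope, set()) & granted))
    return {
        "missing": missing,                        # listed here, absent on the token
        "excess": sorted(granted - set(REQUIRED)),  # on the token, not listed here
        # assumed: targetAccounts is null when the token covers all organizations
        "all_orgs": record.get("targetAccounts") is None,
    }

# Constructed sample record (not a real token), shaped like a PAT listing entry.
SAMPLE = json.loads("""{
  "displayName": "boost-integration",
  "scope": "vso.agentpools vso.analytics vso.code_manage vso.code_status vso.project vso.threads_full vso.build_execute vso.extension_manage vso.packaging",
  "targetAccounts": ["00000000-0000-0000-0000-000000000000"]
}""")

if __name__ == "__main__":
    print(json.dumps(audit_pat(SAMPLE), indent=2))
```

A token that passes has an empty `missing` list, an empty `excess` list, and `all_orgs` set to true.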

1. Connect Azure DevOps to BoostSecurity


To install the BoostSecurity integration for Azure:

  1. Navigate to the Integrations page.
  2. Select the Azure DevOps Account integration from the Available section.

    Azure DevOps Account

  3. Select Install. A window pops up, prompting you to provide the Personal Access Token and Integration Name for Azure.

    Please note that the token needs to have access to all the organizations.

    Installation

  4. Select Install to save.

Once the installation is completed, the BoostSecurity Azure DevOps Account card is added to the Settings > Integrations > Installed section.


2. Zero Touch Provisioning for ADO


Follow these steps to set up ZTP for Azure DevOps:

  1. Go to the Integrations page, select your Azure DevOps integration and click on the configuration tab.

  2. On the ZTP column, you will notice that the ZTP status is set to Not Set. Click on the actions menu next to the status and select Enable.

    Enable ZTP

  3. On the ZTP Wizard, the first step is to give BoostSecurity permissions for the Zero Touch Flow on your Azure DevOps Organization. The Zero Touch Flow requires a Personal Access Token with these permissions.

    Give Permissions

  4. Click the Next button to proceed.

  5. BoostSecurity configures the boost repo on your ADO organization.

    Configure Boost Repo

  6. Install and authorize the BoostSecurity.io Zero Touch provisioning on your organizations. Click on the Accept button at the bottom of the page.

    Grant Permissions for CI Provisioning

    Please note the warning below:

    On your first scan, you need to authorize the "boostsecurityio.boost-scanner" pipeline to access the variable group boostsecurityio before you can see results on your dashboard.

  7. The pipeline configuration is ready.

    ZTP Flow complete

    Note

    By clicking the Enable Boost Recommended Scanners button, Boost will provision multiple scanners for every repository it has access to. These scanners will then request new scans to be conducted for each of those repositories. Please note that this process would have a financial impact on your services, so ensure that this is the correct course of action before proceeding.

    If you are connecting to a large collection of repos, you may want to enable scanning in a more targeted manner.

Zero Touch Provisioning is now enabled!!!


Next Steps


It is recommended to enable default scanner protection for your Azure organization, and then proceed to build your first custom policy, where you would define specific actions for security events identified by configured scanners.