# Azure Repos

Azure Repos is a set of version control tools that you can use to manage your code. Azure Repos provides two types of version control:

1. Git: distributed version control.
2. Team Foundation Version Control (TFVC): centralized version control.

Azure Pipelines is a cloud-based solution that automatically builds and tests code projects.

Connecting your Azure account allows OX to map and scan your apps for security issues.

### Connection methods

<div align="left"><figure><img src="https://884876233-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdK3XMLdV8zRg847RmGmZ%2Fuploads%2Fgit-blob-cd0aa8a24af8810396b96fb1bfe2fac51244e718%2Fazure%20repos%20config.png?alt=media" alt=""><figcaption></figcaption></figure></div>

#### Identity Provider

1. In OX, go to Connectors > Source Control > Azure Repos.
2. Open the IDENTITY PROVIDER tab, select **CONNECT,** and follow the instructions on the screen.

#### Token

1. To create the token, see the Microsoft documentation. [Create an access token in Azure DevOps](https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops\&tabs=Windows).
2. Add the permissions listed in the section [Token scopes required](#token-scopes-required).
3. In OX, go to Connectors > Source Control > Azure Repos.
4. Open the TOKEN tab and copy the token into the token field.
5. Select **CONNECT**.

#### Service Principal

1. To create a managed identity or application service principal, see the Microsoft documentation [Use service principals and managed identities in Azure DevOps](https://learn.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/service-principal-managed-identity).
2. In OX, go to Connectors > Source Control > Azure Repos.
3. Open the SERVICE PRINCIPAL tab and enter the service principal ID (in the Client ID field), the client secret, and the tenant ID to connect.
4. Ensure your host URL follows this format: `https://dev.azure.com/{organizationName}/`

#### Connect multiple organizations

To connect multiple organizations, use a dedicated Personal Access Token (PAT) for each connection.

### Token scopes required

* Auditing - Read Audit Log
* Build - Read
* Code - Full
* Code - Status
* Graph - Read and Manage
* Identity - Read and Manage
* Member Entitlement Management - Read and Write
* Project and Team - Read, Write and Manage
* Release - Read
* Security - Manage
* User profile - Read
* Wiki - Read
* Work items - Read and Write

<figure><img src="https://884876233-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdK3XMLdV8zRg847RmGmZ%2Fuploads%2Fgit-blob-4013c036920e65983326e62a8743799d26e55dde%2Fimage%20(9).png?alt=media" alt=""><figcaption></figcaption></figure>

<figure><img src="https://884876233-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdK3XMLdV8zRg847RmGmZ%2Fuploads%2Fgit-blob-3aa2bbe7e67e18579c33fe233292735f85e0e248%2Fimage%20(10).png?alt=media" alt=""><figcaption></figcaption></figure>

<figure><img src="https://884876233-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdK3XMLdV8zRg847RmGmZ%2Fuploads%2Fgit-blob-a41864dc3bd7ee84d61c371fb1a2038f7f1ebff1%2Fimage%20(11).png?alt=media" alt=""><figcaption></figcaption></figure>

<figure><img src="https://884876233-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FdK3XMLdV8zRg847RmGmZ%2Fuploads%2Fgit-blob-3222c5ff39aaa3b55869ea18646248b4566fda46%2Fimage%20(12).png?alt=media" alt=""><figcaption></figcaption></figure>

Once you have verified Azure repos connectivity, you can see all the repositories and can select them for scanning.

### Setting repositories' scope

You can use the **Gear** icon to choose the repositories' scope OX will cover. Only repositories chosen here will be covered and scanned.

Here you can also decide what will happen by default with newly discovered repositories.