Azure Repos

Azure Repos is a set of version control tools that you can use to manage your code. Azure Repos provides two types of version control:

Azure Pipelines is a cloud-based solution that automatically builds and tests code projects.

Connecting your Azure account allows OX to map and scan your apps for security issues.

In OX, go to Connectors > Source Control > Azure Repos.
Open the IDENTITY PROVIDER tab, select CONNECT, and follow the instructions on the screen.

To create the token, see the Microsoft documentation. Create an access token in Azure DevOps.
Add the permissions listed in the section Token scopes required.
In OX, go to Connectors > Source Control > Azure Repos.
Open the TOKEN tab and copy the token into the token field.
Select CONNECT.

To create a managed identity or application service principal, see the Microsoft documentation Use service principals and managed identities in Azure DevOps.
In OX, go to Connectors > Source Control > Azure Repos.
Open the SERVICE PRINCIPAL tab and enter the service principal ID (in the Client ID field), the client secret, and the tenant ID to connect.
Ensure your host URL follows this format: https://dev.azure.com/{organizationName}/

To connect multiple organizations, use a dedicated Personal Access Token (PAT) for each connection.

Once you have verified Azure repos connectivity, you can see all the repositories and can select them for scanning.

You can use the Gear icon to choose the repositories' scope OX will cover. Only repositories chosen here will be covered and scanned.

Here you can also decide what will happen by default with newly discovered repositories.

Last updated 1 month ago