Azure

Azure Repos is a set of version control tools that you can use to manage your code. Azure Repos provides two types of version control:

1. Git: distributed version control.

2. Team Foundation Version Control (TFVC): centralized version control.

Azure Pipelines is a cloud-based solution that automatically builds and tests code projects.

Connecting your Azure account allows OX to map and scan your apps for security issues.

Connection options

• Identity Provider - just click “Connect” under the “Identity Provider” tab and follow the instructions on the screen.

• Token - Create an access token in Azure DevOps with the permissions mentioned below, copy the token into the token field and click “Connect”.

Token scopes required

• Auditing - Read Audit Log

• Build - Read

• Code - Full

• Code - Status

• Graph - Read and Manage

• Identity - Read and Manage

• Member Entitlement Management - Read and Write

• Project and Team - Read, Write and Manage

• Release - Read

• Security - Manage

• User profile - Read

• Wiki - Read

• Work items - Read and Write

Once you have verified Azure repos connectivity, you can see all the repositories and can select them for scanning.

Setting repositories' scope

You can use the "Gear" icon to choose the repositories' scope OX will cover. Only repositories chosen here will be covered and scanned.

Here you can also decide what will happen by default with newly discovered repositories.