OX Scan Extension for Azure DevOps

OX Security provides an Azure DevOps extension that directly integrates with your pipeline, allowing security scans to be part of your CI/CD process. This integration method is suitable for broader DevOps enhancements, including security across various areas.

The overall process involves installing the OX Security Scan Extension from the Azure Marketplace, then authorizing it in your Azure DevOps environment.

Following installation, you integrate the extension by creating a service connection with your OX API key, configuring necessary settings, and optionally granting permissions for broader project access.

Installing OX Security Scan Extension

  1. To install the extension from the Azure Marketplace, follow the process for the OX Security Scan Extension.

  2. To authorize the extension:

    a. Go to Azure Organization Settings > Extensions.

    b. Select OX Security Scan Extension.

    c. Ensure there is no Authorize button next to the extension name (this confirms authorization is complete).

Integrating OX Security Scan Extension in your Azure DevOps environment

Step 1: Creating a service connection

  1. Navigate to: Azure Project > Project Settings > Service connections > New service connection.

  2. Search for OX and select OX Security Authentication.

  3. Configure the connection:

    • Keep the default Server URL.

    • Enter your OX API key.

    • Set a Service connection name.

  4. Optional settings:

    • Enable Grant access permission to all pipelines.

    • Share the service connection across projects.
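
An added example, not part of the OX documentation: a Python audit that flags service connections with either optional setting above enabled, so you can review where the OX API key is reachable. It assumes the JSON shapes of the Azure DevOps service endpoint list and pipeline permissions REST responses; the connection names, IDs and projects are constructed sample values.

```python
import json

# Constructed sample: service endpoint list in the shape returned by
# GET {org}/{project}/_apis/serviceendpoint/endpoints (all values made up).
ENDPOINTS_JSON = """
{"count": 2, "value": [
  {"id": "11111111-aaaa-4bbb-8ccc-000000000001", "name": "ox-security",
   "serviceEndpointProjectReferences": [
     {"projectReference": {"id": "p1", "name": "payments"}},
     {"projectReference": {"id": "p2", "name": "sandbox"}}]},
  {"id": "11111111-aaaa-4bbb-8ccc-000000000002", "name": "ox-security-web",
   "serviceEndpointProjectReferences": [
     {"projectReference": {"id": "p3", "name": "web"}}]}
]}
"""

# Constructed sample: one pipelinePermissions/endpoint/{id} response per
# connection, collected here into a single dict keyed by endpoint id.
PERMISSIONS_JSON = """
{"11111111-aaaa-4bbb-8ccc-000000000001":
   {"allPipelines": {"authorized": true}, "pipelines": []},
 "11111111-aaaa-4bbb-8ccc-000000000002":
   {"pipelines": [{"id": 42, "authorized": true}]}}
"""

def audit_connections(endpoints, permissions):
    """Return {connection name: [findings]} for connections with broad access."""
    report = {}
    for ep in endpoints.get("value", []):
        findings = []
        perm = permissions.get(ep["id"], {})
        # "Grant access permission to all pipelines" appears as allPipelines.authorized;
        # the key is absent (or null) when access is granted per pipeline.
        if (perm.get("allPipelines") or {}).get("authorized"):
            findings.append("open to all pipelines")
        projects = sorted(ref["projectReference"]["name"]
                          for ref in ep.get("serviceEndpointProjectReferences", []))
        if len(projects) > 1:
            findings.append("shared across projects: " + ", ".join(projects))
        if findings:
            report[ep["name"]] = findings
    return report

def run_sample():
    return audit_connections(json.loads(ENDPOINTS_JSON), json.loads(PERMISSIONS_JSON))

if __name__ == "__main__":
    for name, findings in run_sample().items():
        print(name + ": " + "; ".join(findings))
```
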

Step 2: (Optional) Adding branch build validation policies

This step lets you enforce scans before pull requests are merged.

Step 3: Adding the OX scan task to your Azure pipeline

  1. Edit your Azure pipeline.

  2. Under API key, choose the previously created Service Connection.

  3. Review and configure other task properties.

Advanced

  • Enable debug mode: Turns on detailed logging to help troubleshoot issues during pipeline scan execution. Use this option only for debugging, as it may generate verbose internal logs.

  • Disable SSL validation: Skips SSL certificate validation when connecting to external services. Recommended only for testing or non-production environments where SSL certificates may not be trusted.

  • Override blocking issues: Allows the pipeline to continue even if blocking security issues are detected. Useful in development or staging environments where you want to test despite unresolved issues.

  1. Each field includes a short description accessible using the ⓘ icon.

  2. Add the task as a pipeline step.

  • After adding the scan task, you see the OXSecurityScan step in your pipeline run.

  • When the scan completes, a new OX Security Scan tab appears in the Azure DevOps pipeline interface, showing scan results.
