Set up the Azure DevOps connector
The Veracode Risk Manager (VRM) connector for Azure DevOps centralizes pipeline, repository and code information, and analyzes build logs to identify container image origins. This allows you to quickly identify code that generated vulnerable images, improving remediation times for risky code.
Additionally, the connector enables you to generate project work items from VRM issues, allowing your security teams to quickly assign work to the correct development teams to remediate risk.
Complete the following tasks to set up your VRM connector for Azure DevOps.
Create a Personal Access Token
You must create a Personal Access Token (PAT) to authenticate to Azure DevOps.
Create a PAT with the following specifications to enable the connector to effectively access the necessary information from your Azure DevOps organization to perform image origin analysis:
- Set the expiration date to at least one year from the current date.
- Set the scopes to allow at least the following levels of access:

Scope | Access |
---|---|
Auditing | Read audit log |
Build | Read |
Code | Read |
Entitlements | Read |
Environment | Read & manage |
Extension Data | Read |
Extensions | Read |
Graph | Read |
Identity | Read |
Packaging | Read |
Project and Team | Read |
Release | Read |
Secure Files | Read |
Service Connections | Read |
Symbols | Read |
Task Groups | Read |
User Profile | Read |
Variable Groups | Read |
To allow the connector to generate work items from VRM issues, set the scopes of your PAT to allow at least the following levels of access:
Scope | Access |
---|---|
Project and Team | Read |
Work Items | Read & write |
You can add these permissions to the same PAT mentioned above, or, if you want to configure a separate connector in VRM dedicated to the work item functionality, you can generate a new PAT with just these permissions.
Create a VRM connector
- In VRM, from the left navigation menu, select the Settings icon.
- Select Add Connector.
- Select the Azure DevOps tile.
- On the Azure DevOps connector page, enter a name for the connector.
- Enter the name of your Azure DevOps organization.
- Paste the Personal Access Token you generated in Azure DevOps.
- Select Add Connector.