StackHawk’s official Azure DevOps Boards integration.
The StackHawk Azure DevOps Boards integration lets you identify and track scan findings within your Azure DevOps Boards workspace. The integration requires a Personal Access Token (PAT) with permissions to your Azure DevOps Boards workspace.
- StackHawk can connect to a Azure DevOps Boards workspace, and HawkScan findings can be associated to new or existing work items.
- You must have a StackHawk account.
- Your StackHawk Organization must belong to a plan with the Azure DevOps Boards integration enabled. Reach out to StackHawk Support to enable it.
- Must NOT have another project management / ticketing integration installed. Only one instance of a Project Management Integration is currently allowed.
Azure DevOps Boards:
- You must have login permissions to the Azure DevOps Boards workspace you wish to add the integration to.
- You must have permissions to create tickets and add comments.
- You must be able to create a personal access token with full access for the Azure DevOps Boards workspace you wish to integrate with.
With this integration you authorize StackHawk with the following permissions:
- Read access to the connected Azure DevOps Boards workspace
- Write access to the connected Azure DevOps Boards workspace
- Log into StackHawk and visit the Azure DevOps Boards Integration page in StackHawk
Link Azure DevOps Boards. This will open the connection modal via merge.dev.
- Follow the prompts in this modal to provide your username, personal access token, and workspace name.
- This modal will verify a successful connection after you have provided all the required information to connect.
A default project and work item type can be selected from the Azure DevOps Boards Integration page in StackHawk.
Picking a project and work item type here will cause these defaults to be pre-populated when sending findings to Azure DevOps. Other options for the project and issue tyep can still be picked when sending findings to Azure DevOps Boards.
If an issue is detected with the Azure DevOps Boards integration, the status on the Azure DevOps Boards Integration page will update to reflect that is an issue with the connection. Any relevant details of the issue will also be displayed.
The details can help explain the possible fix, and typically, the connection will need to be re-established by updating the credentials for the Azure DevOps Boards installation.
With the Azure DevOps Boards installation verified, you can send a finding to Azure DevOps by creating an Azure DevOps Boards work item and associating it with a StackHawk scanner finding.
- Go to a finding detail in StackHawk
Scans > Scan Details > Findings
- Click on the checkbox for a given Path, Status, Method
- Click on
Actions > Send to Azure DevOps
- Fill out the work item details. Findings can be promoted with either a new Azure DevOps work item, or linked to an existing work item.
Creating a New Work Item: Select the project and issue type you want the created work item to be associated with. The created work item will have details about those findings. Click
Create Issue, and the Azure DevOps Boards work item will be created and associated with the scan findings.
Linking an Existing Work Item: Select the project, then work item from the dropdown you want the finding to be associated with. If you don’t see the work item you want to select, ensure you have the correct project selected, then type the id of the work item you want to select. The linked work item will receive a comment with the details of the vulnerability findings. Click
Link Issue, and the Azure DevOps Boards work item will be associated with the scan findings.
You can clear the status of a finding or change it to another status by selecting the Path, Status, and Method and selecting a different action.
There is a delay from the time a ticket is created in Azure DevOps Boards to the time it has been synced and will appear in the link issue selection. If the ticket you are attempting to link to has just been created, please wait for up to an hour for it to be visible to be linked to in StackHawk.
It is not uncommon for an Azure DevOps Boards project to have custom fields on their work item types. This is a feature provided by Microsoft, but can affect StackHawk ticket creation. If your project’s Work Items has additional custom fields, make sure they also have an acceptable default value defined.
The Azure DevOps Boards integration can be disconnected from the authorized StackHawk organization from the Azure DevOps Boards Integration page.
- Go to the Azure DevOps Boards Integration page in StackHawk.
Yes, Disconnecton the next prompt to confirm.
Have any suggestions, feature requests, or feedback to share? Contact StackHawk Support .