Azure DevOps Boards

Azure DevOps Boards

StackHawk’s official Azure DevOps Boards integration.

This feature is available on the StackHawk Enterprise plan.

Overview

The StackHawk Azure DevOps Boards integration lets you identify and track scan findings within your Azure DevOps Boards workspace. The integration requires a Personal Access Token (PAT) with permissions to your Azure DevOps Boards workspace.

Features

  • StackHawk can connect to a Azure DevOps Boards workspace, and HawkScan findings can be associated to new or existing work items.

Requirements

StackHawk:

  • You must have a StackHawk account.
  • Your StackHawk Organization must belong to a plan with the Azure DevOps Boards integration enabled. Reach out to StackHawk Support to enable it.
  • Must NOT have another project management / ticketing integration installed. Only one instance of a Project Management Integration is currently allowed.

Azure DevOps Boards:

  • You must have login permissions to the Azure DevOps Boards workspace you wish to add the integration to.
    • You must have permissions to create tickets and add comments.
    • You must be able to create a personal access token with full access for the Azure DevOps Boards workspace you wish to integrate with.

Permissions

With this integration you authorize StackHawk with the following permissions:

  • Read access to the connected Azure DevOps Boards workspace
  • Write access to the connected Azure DevOps Boards workspace

Installation

  1. Log into StackHawk and visit the Azure DevOps Boards Integration page in StackHawk
  2. Click Link Azure DevOps Boards. This will open the connection modal via merge.dev.
  3. Follow the prompts in this modal to provide your username, personal access token, and workspace name.
  4. This modal will verify a successful connection after you have provided all the required information to connect.

Allowed IP Addresses

If your Azure DevOps Boards Integration has access restricted by IP address, please add the following IP addresses to the allowed list:

44.194.126.11
44.194.4.0
3.232.227.174
3.214.125.237
54.158.121.71
44.193.163.62

Please note that these IP address are different from other integrations, and are specifically for Azure DevOps Boards.

Usage

Configuration

A default project and work item type can be selected from the Azure DevOps Boards Integration page in StackHawk.

Picking a project and work item type here will cause these defaults to be pre-populated when sending findings to Azure DevOps. Other options for the project and issue tyep can still be picked when sending findings to Azure DevOps Boards.

Status

If an issue is detected with the Azure DevOps Boards integration, the status on the Azure DevOps Boards Integration page will update to reflect that is an issue with the connection. Any relevant details of the issue will also be displayed.

The details can help explain the possible fix, and typically, the connection will need to be re-established by updating the credentials for the Azure DevOps Boards installation.

Send to Azure DevOps Boards

With the Azure DevOps Boards installation verified, you can send a finding to Azure DevOps by creating an Azure DevOps Boards work item and associating it with a StackHawk scanner finding.

  1. Go to a finding detail in StackHawk Scans > Scan Details > Findings
  2. Click on the checkbox for a given Path, Status, Method
  3. Click on Actions > Send to Azure DevOps
  4. Fill out the work item details. Findings can be promoted with either a new Azure DevOps work item, or linked to an existing work item.

Creating an ADO WorkItem in Stackhawk Platform Screenshot

Creating a New Work Item: Select the project and issue type you want the created work item to be associated with. The created work item will have details about those findings. Click Create Issue, and the Azure DevOps Boards work item will be created and associated with the scan findings.

Linking an ADO Issue in Stackhawk Platform Screenshot

Linking an Existing Work Item: Select the project, then work item from the dropdown you want the finding to be associated with. If you don’t see the work item you want to select, ensure you have the correct project selected, then type the id of the work item you want to select. The linked work item will receive a comment with the details of the vulnerability findings. Click Link Issue, and the Azure DevOps Boards work item will be associated with the scan findings.

ADO Work Item Created from Stackhawk Platform Screenshot

Other actions

You can clear the status of a finding or change it to another status by selecting the Path, Status, and Method and selecting a different action.

TroubleShooting

There is a delay from the time a ticket is created in Azure DevOps Boards to the time it has been synced and will appear in the link issue selection. If the ticket you are attempting to link to has just been created, please wait for up to an hour for it to be visible to be linked to in StackHawk.

Custom Fields on Work Item Types

It is not uncommon for an Azure DevOps Boards project to have custom fields on their work item types. This is a feature provided by Microsoft, but can affect StackHawk ticket creation. If your project’s Work Items has additional custom fields, make sure they also have an acceptable default value defined.

ADO Custom Fields Configuration

Removing the Azure DevOps Boards Integration

The Azure DevOps Boards integration can be disconnected from the authorized StackHawk organization from the Azure DevOps Boards Integration page.

  1. Go to the Azure DevOps Boards Integration page in StackHawk.
  2. Click Disconnect.
  3. Click Yes, Disconnect on the next prompt to confirm.

Feedback

Have any suggestions, feature requests, or feedback to share? Contact StackHawk Support .