By connecting Probely to your Microsoft Azure DevOps Boards service, you can get the scan results synchronized with an Azure Boards organization and project of your choice.
The synchronization is bi-directional: a finding reported by Probely is sent to your Azure Boards, and as soon as it is set as Done, it will trigger a re-test. If the finding is fixed, the Azure Boards work item is kept closed. Otherwise, it is reopened.
If Probely detects a change, it will update the Azure Boards work item. For instance, if the underlying vulnerability was fixed, Probely detects it, sets the finding as fixed, and updates the Azure Boards work item to fixed as well.
Comments are also synchronized, in both directions, to ensure you always have all the information about that finding in both places.
The Azure DevOps service connection is enabled at the account level and then enabled on demand for each target. Configurations such as which Project and Work Item to use are set in the target settings.
Configure Probely and Azure DevOps
To connect Probely and your Azure DevOps account, follow the instructions below.
1- Authorize Probely to access your Azure DevOps account
To start, go to https://plus.probely.app/integrations and find the Azure DevOps section.
Probely needs permission to connect to your Azure DevOps account in order to synchronize findings. We ask for the minimum set of permissions that allow us to list organizations and projects and create work items from Probely's findings.
Click on the link to begin. A browser tab will open at Azure, where you will be asked to log in if you are not already authenticated. Then you will be asked to Accept the permissions Probely is requesting.
Click Accept to continue.
If you already have an Organization and at least one Project created at Azure DevOps, you should be redirected to Probely right away. If that is not the case, Azure will ask you to create an Organization and a Project, both required for this integration to work.
Choose the Organization you want to use and click Save.
Please note that you may need to update your Organization Settings at Azure. Access your Organization, go to Organization Settings and, under Security, click on the Policies entry. There, make sure that "Third-party application access via OAuth" is set to On.
2- Choose your synchronization settings
Back at Probely, you need to choose which targets to synchronize and how. To configure a target to use Azure Boards, go to the Integrations tab from that target's Settings and locate the Azure Boards module.
You will see the following screen:
Project - choose which project to sync with.
Work Item Type - choose which work item type to sync with. The most common options are Issue or Task. The list will only show work items for the Project you have selected.
Automatically sync all findings - if checked, all findings that are not fixed will be synced to Azure, as well as any new finding.
Alternatively, you can enable per-finding synchronization: to do so, check Sync finding in the details of the finding.
Delete - removes the configuration for this target. Findings already synchronized are kept at Azure.
To finish the configuration, choose the Project and Work Item, and click Save. If the Automatically sync all findings box is checked, synchronization will start immediately and should take just a few seconds.
Probely adds two tags to each work item created at Azure:
one indicating the severity, with the following values:
Probely, identifying which work items are being synced. It also gives you a way to easily filter those coming from Probely. Do not remove this tag. Otherwise, the synchronization will stop working for that work item.