Microsoft Azure DevOps

Microsoft's Azure DevOps is an IT service management tool that supports your organization's software development lifecycle. You can bring your work items from Azure DevOps into Brinqa to enhance visibility into your development processes, thus strengthening your cybersecurity posture.

This document details the information you must provide for the connector to authenticate with Azure DevOps and how to obtain that information from Microsoft. See create a data integration for step-by-step instructions on setting up the integration.

Required connection settings

When setting up a data integration, select Azure DevOps from the Connector drop-down. You must provide the following information to authenticate Fleet with Brinqa:

• Service URL: The URL for your organization's Azure DevOps Services organization or TFS (Team Foundation Server). The structure of the URL depends on the service you are using:

  • Azure DevOps Services: https://dev.azure.com/<organization>

  • TFS: https://<server>:port/<tfs>/<collection> (the default port is 8080, and the default collection value is DefaultCollection, but it can be any collection name).

• Access token: The personal access token associated with the Azure DevOps account, which must have permissions to manage, read, and write Azure DevOps work items.

• Project: The Azure DevOps project that contains the work items you want to bring into the Brinqa Platform.

Generate a Azure DevOps access token

For the Azure DevOps connector to retrieve your work items from the Azure DevOps REST API, you must provide a personal access token. To do so, follow these steps:

1. Log in to your organization's Azure DevOps portal as an administrator.

2. Navigate to User settings > Personal access tokens.

   

3. Click New Token.

   Complete the following fields:

   • Name: Provide a name for the token.

   • Organization: Click the drop-down and select the organization where you want to use the token.

   • Expiration Set an expiry date for the token.

   • Scopes: Allow full access or limit the access of the token. To limit access, select Custom defined and select Read, write, & manage access for Work Items.

     

4. Click Create.

   Your new access token displays. You can't view the token again after this. Copy and save it to a secure location.

note

If you do not have the permissions to create an access token, contact your Azure DevOps administrator. For additional information, see Microsoft Azure DevOps documentation.

Additional settings

The Azure DevOps connector contains an additional option for specific configuration:

• Skip certificate verification: Select this option to allow for untrusted certificates.

Types of data to retrieve

The Azure DevOps connector retrieves work items and dynamically creates corresponding models based on your specific configuration in Azure DevOps. The types of data retrieved are highly customizable and depend on the work item types and fields you define in your Azure DevOps project.

Some possible work item types that can be retrieved include:

• Code Review Request
• Epic
• Issue
• Task
• Test Case
• Test Plan

These work item types are specific to your Azure DevOps environment, and the data models created in Brinqa will reflect your unique configuration.

To view the data retrieved by the Azure DevOps connector based on your work items, follow these steps:

1. Navigate to Integrations > Sources.

2. Click the Title of the data integration that you created for the Azure DevOps connector.

   • You can also point the cursor over the entry in the list view, and then click Details.

3. Click one of the links under Source data at the top of the page. A new tab opens in your browser.

   These links take you to a list view of the corresponding Source Data Models (SDM) created by the Azure DevOps integration. The data models are named based on the work item types defined in your Azure DevOps environment.

info

Since the Azure DevOps connector does not automatically map your imported work items to Unified Data Models (UDM), you must define the mappings yourself. For additional guidance on performing these mappings, see Data Consolidation. If you need further assistance, you can also reach out to your Brinqa Support specialists.

note

For additional information on work items and work item types, see Azure DevOps documentation.

Operation options

The Azure DevOps connector supports the following operation options. See connector operation options for information about how to apply them.

| Connector Object | Option | All Possible Values | Description | Example |

Connector Object	Option	All Possible Values	Description	Example
Any Object	bypassRules	true, false	Allows you to bypass the work item type rules during creation or update.	Key: bypassRules Value: true. This key and value combination allows you to bypass any rules when creating or updating the work item.
	suppressNotifications	true, false	Prevents notifications from being fired during creation or update.	Key: suppressNotifications Value: true. This key and value combination prevents notifications from being sent during work item creation or update.
	validateOnly	true, false	Lets you validate changes without saving the work item.	Key: validateOnly Value: true. This key and value combination allows you to validate changes without saving the work item.

note

The option keys and values are case-sensitive as they are shown in this documentation.

For additional information, see Microsoft documentation.

APIs

The Azure DevOps connector uses the Azure DevOps REST API v7.0. Specifically, it uses the following endpoints:

Table 2: Azure DevOps REST API Endpoints

Operation	API Endpoints
List Work Item Types	GET /_apis/wit/workitemtypes
List Work Items	GET /_apis/wit/fields POST /_apis/wit/wiql GET /_apis/wit/workitems
Create Work Items	POST /_apis/wit/fields POST /_apis/wit/workitemtypes POST /_apis/wit/workitems/${type} POST /_apis/wit/workitems/{uid}
Update Work Items	PATCH /_apis/wit/fields PATCH /_apis/wit/workitemtypes PATCH /_apis/wit/workitems/${type} PATCH /_apis/wit/workitems/{uid}
Delete Work Items	DELETE /_apis/wit/workitems/{uid}

Changelog

The Azure DevOps connector has undergone the following changes:

3.4.2

• No change.

3.3.0

• Initial Integration+ release.