Skip to main content

Azure Boards

Azure Boards Integration

img

Introduction​​

Integrating Azure Boards in Conviso Platform will let developers gain productivity while we do all the hard work by automating the whole vulnerability management triage process.

New vulnerabilities identified in Conviso Platfom are created in real time directly in Azure Boards.

With our two-way integration capability, every status update from both solutions are automatically updated in order to reduce the toil and increase productivity.

Integration Capabilities​​

This integration enhances issue control management and vulnerability consolidation between systems. It facilitates seamless interaction and communication between various aspects of the process. The integration offers the following capabilities:

From Azure Boards to Conviso Platform:

  • Foster interaction by providing data from Azure Boards with the development team responsible for corrections in Vulnerability Management from Conviso Platform.

From Conviso Platform to Azure Boards:

  • Generates new issues in Azure Boards based on events within Conviso Platform's Vulnerability Management System, such as identified vulnerabilities or completed security assessments.
  • Establishes a linkage between vulnerabilities detected in Conviso Platform and their relevant issues in Azure Boards, enhancing traceability and collaborative efforts.
  • Updates Azure Boards issues when specific actions occur in Conviso Platform's Vulnerability Management System, such as changes in vulnerability status, assessment completions, or updates to risk levels.
  • Transitions Azure Boards issues to appropriate workflow stages when vulnerabilities are resolved or mitigated within Conviso Platform's Vulnerability Management System.

Prerequirements​​

To set up the integration, you'll need the following information:

  1. Azure Boards's login
  2. Admin permission in the project you're integrating

Usage​​

To seamlessly integrate Conviso Platform with Azure Boards, follow these step-by-step procedures:

1 - Configure the integration between Conviso Platform and AzureBoards

2 - Synchronize vulnerability statuses between Conviso Platform and Azure Boards using Webhooks

3 - Check integration status

Configure the integration between Conviso Platform and Azure Boards​

Follow the instructions below to complete the integration setup.

Step 1 - Go to Conviso Platform, look for the Integrations (1) on the left side menu, choose Defect Tracker (2) at the Categories panel to the right and finally click the Integrate (3) button just below Azure Boards's card, as illustrated in the example image below:

img

Step 2 - Log in with your Azure account and authorize Conviso Platform to integrate with your Organization and Projects

img

Step 3 - Severity Mapping refers to Azure Boards's card priority. Select which severity will be referenced to Azure Boards's priority:

img

Step 4 - Enter your Organization Name(1), then click Continue(2), you can get it by following image 2

img

If you don't know your Organization Name, there's no problem, you can get it by logging in your Azure Boards's account, it shows in the page and in the url

img

Step 5 - Click the Add button the link an asset in Conviso Platform to a board in Azure Boards

img

Custom Configuration vs Default Configuration​

At this point in the process, you have two options: Custom Configuration or Default Configuration.

With Custom Configuration, you can specifically link a Conviso Platform asset to a single Azure Boards board. On the other hand, Default Configuration enables you to link all available assets under Conviso Platform to a single Azure Boards board by default — providing a standard integration setup.

Note: In the event that you have both a custom configuration for a specific asset and a default configuration for the integration, the custom configuration will always take precedence over the default configuration.

a) Custom Configuration​

Step 6 - Select the Conviso Platform Asset you want to associate with your Azure Boards Project, Team, Board, Work Item Type, and finally the Lane.

img

b) Default Configuration​

Step 6 - Check the Default Configuration field, notice that the Asset label will is no longer available, select the Azure Boards Project, Team, Board, Work Item Type, and finally the Lane.

img

Step 7 - Consider the following in order to map Conviso Platform statuses to Azure Boards statuses: Identified status (1) is required to map the vulnerabilities from Conviso Platform to Azure Boards, while other fields (2) are optional. After mapping all the statuses, click on the Add button.

img

Synchronize vulnerability statuses between Conviso Platform and Azure Boards using Webhooks​

Step 1 - Copy and save the WebHook URL, you're going to use it in Azure Boards for a future step.

img

Step 2 - In the Project page, go for Project Settings, then to Service hooks(you'll only be able to get here if you're a project admin), and then, click in the add icon.

img

img

Step 3 - In the service hooks, choose the option Web Hooks.

img

Step 4 - Select the Trigger(1) Work item updated, and select the Board Column option in the Field filter(2) and then click in Next.

img

Step 5 - Paste your WebHook URL that you got from Conviso Platform and then click in Finish.

img

Step 6 - Now, let's add a second webook, clicking on add button and choosing the option Web Hooks.

img

Step 7 - Select the Trigger(1) Work item updated, and select the State option in the Field filter(2) and then click in Next.

img

Step 8 - Paste your WebHook URL that you got from Conviso Platform and then click in Finish.

img

The integration with Azure Boards is done and every update in your boards will be updated in Conviso Platform as well.

Check integration status​

In Configuration page, click on the Check connection (1) button to verify if the authentication is working properly (2):

img

Support​​

Should you have any questions or require assistance while using the Conviso Platform, feel free to contact our dedicated support team.

Resources​​

By exploring our comprehensive content, you’ll discover resources that will enhance your understanding of AppSec.

Conviso Blog: Access a wealth of informative videos covering various topics related to AppSec. Please note that the content is primarily in Portuguese.

Conviso's YouTube Channel: Engage with our informative podcast, where we discuss AppSec-related subjects, providing valuable insights and discussions. The podcast is conducted in Portuguese.

AppSec to Go - Conviso's Podcast on AppSec: Explore our blog, which offers a collection of articles and posts covering a wide range of AppSec topics. The content on the blog is primarily written in English.