HERE'S WHY
Connecting Azure Boards (DevOps) to Drata allows for the automated checks and evidence collection to prove to auditors that your company follows its vulnerability management policy and procedures.
BEFORE DIVING IN
Be signed into Microsoft 365 already and or you will be prompted to do so upon connection from Drata. The required Access Level to connect to Azure Boards (DevOps) is "Admin".
HERE'S HOW
Follow these instructions to connect Azure Boards (DevOps) to Drata:
1. Select 'Connections' on the side navigation menu.
2. Select the 'Available connections' tab and then search for 'azure boards (DevOps)' to select the connect button for the Azure Boards (DevOps) integration.
3. Follow the instructions in the connection drawer.
To use 'Security' as the security label within Azure Boards (DevOps) to categorize tickets as security issues, enter 'Security' in the 'Security Label' field within the connection drawer.
WHAT THE CONNECTION TESTS
For every project, we scan all work items that are not of the following work item types:
Code Review Request
Code Review Response
Epic
Feature
Feedback Request
Feedback Response
Shared Step
Test Case
Test Plan
Test Suite
Shared Parameter
In addition, we scan all work items that are not in the following states:
Closed
Removed
Resolved
This means that we will scan custom work items you create.
For every work item that is valid, we will check for the provided security tag.
If there is no tag, we ignore the work item.
If there is a security tag and someone assigned as an owner, we ignore it.
If there is no one assigned, the ticket will be added to the list of failed items for the Security Issues are Prioritized test.