Arnica Documentation
Azure DevOps


Last updated 6 months ago


Overview

Arnica integrates directly with your Azure DevOps application to help secure the development environment while identifying risks in real time, alerting your team and assisting with remediation actions. Arnica's integration is configurable, allowing org-level provisioning or access to specified projects to extract the necessary data and take remediation actions.

Ensure service account continuity

Create a dedicated application user

It is suggested that your integration leverage a dedicated application user for access to ensure proper provisioning and access persistence.

According to Microsoft’s authentication guidance, Arnica’s Azure DevOps application shall be authorized via OAuth2 only.

While it is good practice to log in via a Service Principal to services such as Azure DevOps, this functionality is not supported by Microsoft at this point. An interactive user is required in this case to authorize the access via the Authorization Code Flow.

Prerequisites

Control access in Azure DevOps

To configure the permissions of the Application User, follow the steps below for each Azure DevOps organization:

  1. Click on Organization Settings at the bottom left side of the main Azure DevOps page.

  2. Navigate to the Users page and click on Add Users.

  3. Find your Application User, select a Basic access level, and click on Add.

  4. Navigate to the Security menu on the left side of the page, and click on Permissions, then click on the Users tab.

  5. Locate the Application User created in step 3, and click on it.

  6. Navigate to the tab "Member of" and add the user to Project Collection Service Accounts.

The permissions above are required for Arnica to provide accurate context and enable real-time security scanning capabilities.
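Because step 6 places the Application User in Project Collection Service Accounts, it is worth checking periodically that the group holds only the accounts you expect. The script below is an added example, not part of Arnica's documentation or tooling: it audits an exported membership list against an allowlist. It assumes the membership was exported as JSON mapping each member descriptor to an object with `principalName` and `subjectKind` fields (the shape assumed here for the Azure DevOps CLI's `az devops security group membership list` output); all account names are constructed.

```python
import json
import sys

# Constructed sample in the assumed export shape: descriptor -> identity.
SAMPLE = {
    "aad.constructed-0001": {"principalName": "svc-arnica@example.com", "subjectKind": "user"},
    "aad.constructed-0002": {"principalName": "jane.dev@example.com", "subjectKind": "user"},
    "vssgp.constructed-0003": {"principalName": "[example-org]\\Contractors", "subjectKind": "group"},
}


def audit_service_accounts(members, expected_users):
    """Compare group members against the allowed principal names.

    Returns a list of (finding, principal) tuples; empty means the group
    holds exactly the expected users and nothing else.
    """
    expected = {u.lower() for u in expected_users}
    seen, findings = set(), []
    for descriptor, ident in sorted(members.items()):
        name = (ident.get("principalName") or descriptor).lower()
        kind = (ident.get("subjectKind") or "unknown").lower()
        if kind != "user":
            # A nested group extends the group's permissions to all its members.
            findings.append(("non-user-member", name))
        elif name in expected:
            seen.add(name)
        else:
            findings.append(("unexpected-member", name))
    # An expected account that is absent means step 6 was skipped or undone.
    findings += [("expected-user-missing", u) for u in sorted(expected - seen)]
    return findings


if __name__ == "__main__":
    # Usage: audit.py members.json svc-user@example.com [more allowed users]
    if len(sys.argv) > 2:
        with open(sys.argv[1]) as fh:
            members, allowed = json.load(fh), sys.argv[2:]
    else:
        members, allowed = SAMPLE, ["svc-arnica@example.com"]
    for finding, principal in audit_service_accounts(members, allowed):
        print(f"{finding}: {principal}")
```

Any identity that legitimately belongs to the group in your organization should be added to the allowlist so that new findings stand out.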

Enable 3rd party application access

  1. Click on Organization Settings at the bottom left side of the main Azure DevOps page.

  2. Navigate to the Security menu on the left side of the page, and click on Policies.

  3. Under Application connection policies, enable Third-party application via OAuth.

Perform the Integration

  1. Locate Azure DevOps and click Connect.

  2. You will then be redirected to the Azure DevOps consent page. Click Accept.

  3. You will then be redirected to Arnica.

  4. If the integration was successful, you should see the Azure DevOps integration under the Existing Integrations section.

Head back to Arnica's Integrations page.
