Adding Azure DevOps Repositories
This guide includes adding a HackerOne Code servcice user to your Organization, authorizing your Azure DevOps account with HackerOne Code, installing and syncing your repositories.
Last updated
This guide includes adding a HackerOne Code servcice user to your Organization, authorizing your Azure DevOps account with HackerOne Code, installing and syncing your repositories.
Last updated
NOTE: If your organization uses the access management service, please let your HackerOne implementation or accounts contact know.
In order for our system to post feedback to your Azure pull requests, a posting user must be added to your team.
Open your Azure DevOps Organization Settings and click Users -> Add Users
In the Users field, add: azure@pullrequest.com
The user will need Basic access and will need to be added to all of the Projects you'll need review coverage on.
If possible, we recommend selecting Add all Project access so there's no disruption in service as coverage is needed. You'll be able to maintain control for restricting and enabling service for certain repositories through our dashboard (see ).
Once the user is aded, an invitation will be sent to the HackerOne implementation team to accept.
You'll then be prompted to authorize your Microsoft account with the HackerOne Code's PullRequest app, click Accept.
Our integration adheres to the principle of least privilege, ensuring that it only has the access necessary to perform its intended function—providing valuable insights in pull request discussions. Here are the permissions we require and how we use them.
After authorizing with your Microsoft account, you'll be directed to a page to select the Azure DevOps Organization(s) in scope of service.
You'll be asked to allow to access All repositories or Only select repositories.
If practical, we recommend selecting the All repositories option so you won't need to repeat this step each time your team creates a new repository.
After you've made your selection, click the Connect button.
Before scanning and validation is enabled, a member of the HackerOne team will need to accept the invitation sent in step 1 to add the service user.
If you've used our global user, the azure user will be displayed in your Organization Settings screen (see below).
If you haven't already, visit and create a user account by authenticating with Azure DevOps.
After , you'll be prompted to authorize and connect with a version control hosting provider. Click the Sync with Azure DevOps option.
Required Permissions for Azure DevOps Integration
To enable our service to post comments on pull requests in your Azure DevOps repositories, it requires the vso.code_write Code scope. It includes the ability to "create and manage code reviews" - this is necessary for posting pull request comments and interacting with discussion threads.
Our service never updates or deletes source code in your repository. The write permission is used exclusively for adding and interacting with comments to pull requests. Our integration only makes API calls related to commenting and DOES NOT execute any code-modifying operations.
Your repositories should now appear on the page when the Azure DevOps Organization is selected from the Organizations drop-down menu at the top-left portion of the screen.
