1. Snyk
  2. Integrations
  3. Git repository (SCM) integrations

Articles in this section

Azure Repos integration

The user generates a unique Azure DevOps personal access token generated for Snyk specifically. Together the username and password constitute a token that Snyk uses. The token authorizes Snyk to access the user’s repos for only the specific permissions that the user indicates to Azure Repos when generating it.

 
 

  1. The user selects projects and repositories for import to Snyk (for testing and monitoring). The user can also enter custom file locations for any manifest files that are not located in the root folders of their repositories.

  2. Snyk evaluates the items that the user selected and imports any that have relevant manifest files in their root folder. Snyk also imports files for which the user entered custom file locations (for any manifest files not located in root folders).

  3. Snyk communicates directly with your repository for each test it runs to determine exactly what code is currently pushed and what dependencies are being used. Each dependency is tested against Snyk’s vulnerability database to see if it contains any known vulnerabilities.

  4. Based on your configurations, if vulnerabilities are found, Snyk notifies you via email or Slack so that you can take immediate remediation action.

Add projects to Snyk for Azure Repos

Snyk tests and monitors Azure Repos that are in any of our supported languages by evaluating root folders and custom file locations.

Adding projects to Snyk
 
 

  1. Go to Projects and click Add projects. Choose the tool from which to import your projects:

    image1.png

  2. A popup screen opens with all the available repositories under the selected integration:

    image2.png

  3. Select the repos that you would like to import to Snyk to monitor them for security/license issues. To import all repos for a specific organization, checkmark the organization.

  4. Click Add selected repositories. Snyk evaluates root folders and custom file locations. If no manifest files are found on the root level or in the paths you configure, Snyk notifies you that no files can be imported.

 
Adding custom file location
 
 

  1. From the Add custom file location dropdown list, select the relevant repo for which you would like to configure a custom path. The repo must first be selected from the Add Projects view, as described in the previous step.

  2. In the text field, enter the relative path in which the manifest file is located, as demonstrated in the image above.

Note

This field is case sensitive.

 
Excluding folders from import
 
 

To exclude specific folders from being imported, specify the names of the folders that you want to exclude from the search (maximum 9 folders). Separate names with commas.

Note

This field is case sensitive and the pattern applies for all repos.

 
Next steps
 
 

Once repositories are imported, a confirmation appears in green at the top of the screen. The selected files are indicated with a unique icon, they are named by organization/repo, and you can now also filter to view only those projects, as seen in the example below:

image7.png

This integration works similar to our other integrations. To continue to monitor, remediate and manage your projects, see the relevant pages in our Docs.

 
 

Configure your integration for Azure Repos

Integration with Azure Repos Cloud is available for all of our pricing plans whereas integration with Azure Repos Server v2018 Update 2 and above (also known as TFS) is available only for Pro / Enterprise plans.

Snyk integrates with Microsoft Azure Repos to enable you to import your projects and monitor the source code for your repositories. Snyk tests the projects you’ve imported for any known security vulnerabilities found in the application’s dependencies, testing at a frequency you control.

How to configure your integration

Enable integration between Azure Repos and Snyk, and start managing your vulnerabilities.

Prerequisites

Ensure you have set up your Azure Repos account and your Snyk account.

Steps

  1. Access your Azure Repos account and retrieve a unique personal access token for use by Snyk. For help doing this, see the Azure DevOps documentation.

  2. When prompted in Azure, enable the following permissions for Snyk access as follows:

    • Expiry—We recommend choosing an expiration date for this token that is far in the future to avoid breaking integration.

    • Scopes—Custom defined

    • Code—Read and write

  3. Log in to your Snyk account.

  4. Navigate to Integrations from the menu bar at the top.

  5. From the Integrations page under the Azure Repos logo, click the Connect to Azure Repos button:

    image1.png

  6. From the Settings page in the Integrations area, enter the Azure DevOps organization that you want to integrate with (i.e. https://dev.azure.com/{org-name}) and the personal access token that you just generated.

     

    Screen_Shot_2020-05-19_at_17.11.05.png

    * Pro / Enterprise customers will also be able to provide a custom URL for Azure Repos Server private instance.

  7. Click Save.

  8. Snyk tests the connection values and the page reloads, now displaying Azure Repos integration information. A confirmation message that the details were saved also appears in green at the top of the screen. In addition, if the connection to Azure failed, a notification appears under the Connected to Azure Repos section.

     

    Screen_Shot_2020-05-19_at_17.16.24.png