--- description: "Use the integration to create Azure DevOps issues from the Fluid Attacks platform." keywords: "Azure integration, Fluid Attacks app, Azure issues, Fluid Attacks platform, Fluid Attacks documentation" other: private: false title: Set up the Azure DevOps integration --- # Set up the Azure DevOps integration import { Image } from "@/components/image"; Follow these steps to set up Fluid Attacks' integration with Azure DevOps: 1. Go to your Azure DevOps **Organization Settings** and ensure it allows third-party application access via OAuth. Turn on third-party app access on Azure DevOps to integrate with Fluid Attacks

Turn on third-party app access on Azure DevOps to integrate with Fluid Attacks

> [!NOTE] > > This configuration needs to be done by someone with permissions to modify organization settings on Azure DevOps. - Azure allows you to configure certain issue templates with custom fields, some being mandatory. Since the integration is generic, you need to access your project, navigate to **Project Settings > Permissions > Project Administrators**, and ensure you have the option "**Bypass rules on work item updates"** set to "**Allow** for the integration to function correctly. Also, if you would like to add tags when creating work items from our platform, please verify that the “Create tag definition” setting is also set to “Allow.” Allow Bypass rules on work item updates on Azure to integrate with Fluid Attacks

Allow Bypass rules on work item updates on Azure to integrate with Fluid Attacks

> [!NOTE] > > **Note:** To avoid creating duplicate issues, the integration first checks if there is an existing issue with the same title as the type of vulnerability. If it finds a match, it will use it as the parent issue and create only the associated "Tasks" for each individual vulnerability of the type in question. - On Fluid Attacks' platform, access the **Integrations** section from the collapsible sidebar. Access the Integrations section on the Fluid Attacks platform

Access the Integrations section on the Fluid Attacks platform

> [!NOTE] > > To continue with this integration, make sure you have permissions to view and create issues in your project on Azure DevOps. - Click **Use integration** in the **Azure DevOps** card. If your organization has set up this integration before, the card does not show that button, and you have to click the available gear icon ( Configure integrations on the Fluid Attacks platform

Configure integrations on the Fluid Attacks platform

) instead. Use the Azure DevOps integration with the Fluid Attacks platform

- Click the **Connect** button corresponding to the group for which you desire the integration. Choose the group to integrate with Azure on the Fluid Attacks platform

Choose the group to integrate with Azure on the Fluid Attacks platform

> [!TIP] > > If instead you wish to modify details (e.g., organization, project, creating issues automatically for reported vulnerabilities) of an existing connection, you can click on the **Edit** button available next to the group name, make the necessary changes and click **Update** to finish setting up the integration. - Click on **Authorize** to connect your group to the Azure DevOps account. Authorize connection of your group on the Fluid Attacks platform to the Azure account

Authorize connection of your group on the Fluid Attacks platform to the Azure account

- Read the permissions you give Fluid Attacks with this integration and click the **Accept** button to agree to them. Give Fluid Attacks permission to integrate the platform with Azure

Give Fluid Attacks permission to integrate the platform with Azure

- Once redirected to the platform, enter your Azure DevOps organization. This, as well as the project that you have to select next, must correspond to your organization and project configured on your Azure DevOps, respectively. Select your Azure organization on the Fluid Attacks platform

Select your Azure organization on the Fluid Attacks platform

- Select the specific Azure DevOps project to connect, select the person who will be assigned the vulnerabilities and write any tags to assign to every new issue. Bear in mind that the options available in the **Assigned To** field are the emails of all those who have access to the project on Azure and not necessarily to the group on Fluid Attacks' platform. Provide Azure organization and project names on the Fluid Attacks platform

Provide Azure organization and project names on the Fluid Attacks platform

> [!TIP] > > **Note:** Issues are created for vulnerabilities reported after setting up the integration with this feature enabled and not for those reported before. - Click the **Update** button and you will be all set. > [!TIP] > > This integration works at the group level. Please follow the instructions from step 3 on for each group you want to connect. To see the automatically created issues on Azure DevOps, access you project and select **Boards** and then **Work items** from the left-side menu. See work items from vulnerabilities via the Fluid Attacks Azure integration

See work items from vulnerabilities via the Fluid Attacks Azure integration

Inside the issue, you can see the [Location and Specific details](https://help.fluidattacks.com/portal/en/kb/articles/see-where-vulnerabilities-are-and-more-details#See_where_vulnerabilities_are_located) of reported vulnerabilities of the type in question, among other relevant information. Locations are created as child tasks under the issue, and their titles indicate where the vulnerability was found. As explained in step 2, if an existing issue's title matches the title of the reported finding, the locations are reported under the existing issue instead of creating a new one; the same validation is applied to child tasks. See issue from vulnerability via the Fluid Attacks Azure integration

See issue from vulnerability via the Fluid Attacks Azure integration

On Fluid Attacks' platform, to show you where you are using this integration across your groups, the **Azure DevOps** card displays how many of the groups you have access to have the integration configured. Configure Azure DevOps integration on the Fluid Attacks platform

Configure Azure DevOps integration on the Fluid Attacks platform

> [!TIP] > > Our Azure integration assumes that it is possible to create items using the ‘Issue’ work item type. If this work item type is not available in your project, or if you are unsure whether it is, please review the following [documentation](https://learn.microsoft.com/en-us/azure/devops/organizations/settings/work/add-custom-wit?view=azure-devops). > [!TIP] > > Explore other BTS integrations: > > 1. [GitLab](https://help.fluidattacks.com/portal/en/kb/integrate-with-fluid-attacks/use-the-gitlab-integration) > 2. [Jira Cloud > ](https://help.fluidattacks.com/portal/en/kb/integrate-with-fluid-attacks/use-the-jira-integration) > [!TIP] > > **Free trial** > Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your [21-day free trial](https://app.fluidattacks.com/SignUp) and discover the benefits of the [Continuous Hacking](https://fluidattacks.com/services/continuous-hacking/) [Essential plan](https://fluidattacks.com/plans/). If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out [this contact form](https://fluidattacks.com/contact-us/).