Integrate Azure DevOps with Cobalt
Push Cobalt findings as work items to Azure DevOps.
Integrate with Azure DevOps to create work items for your Cobalt findings and streamline your remediation workflows. The availability of this feature depends on your PtaaS tier.
Overview
How it Works
- Connect your Azure DevOps system to Cobalt and push pentest findings as work items to your team boards.
- Configure Azure DevOps for each pentest, selecting the Team Project, Work Item Type, and other field mappings for tickets created from findings.
- When a new finding in the Pending Fix state is reported, a new work item is automatically created in Azure DevOps.
Limitations
Please be aware of the following considerations when using this integration. We are working to improve the integration and address these limitations.
- Work items will automatically be created when a finding is moved to Pending Fix state. It is not possible to manually create a work item for a finding.
- Only one Azure DevOps instance can be connected to a Cobalt Organization at a time.
- Work items created will not appear in the External Issue References section of the Cobalt findings page.
Frequently Asked Questions
Click to view answers.
What is a work item?
In Azure DevOps, a work item is any item that needs to be investigated within a project. Work items may also be referred to as tickets.
In the context of Cobalt integrations, a work item is a finding that was synchronized with Azure DevOps.
Which fields are required to create Azure DevOps work items?
The following fields are required to create a work item:
- Project
- Work item type
- Title
- State
Depending on your Azure DevOps process template, additional fields in your work item form may be required. Make sure to provide a value for all required (*) fields. See: How to set work item field values.
Does the integration support custom required fields?
Yes. When configuring the integration for a pentest, you can set values for all standard and custom fields in the work item type template for the Project and Work Item Type selected. See: How to set work item field values.
Can I manually create a work item for an individual finding?
No, only auto-push is currently supported.
Where can I find the ID of the work item created for a finding?
Currently, the Work Item ID is not displayed in the Cobalt platform (this will be addressed in a future release).
In Azure DevOps, the Finding ID will be included in the work item Title, and a link to the Cobalt finding is available in the Description field.
How often are findings synchronized between Cobalt and Azure DevOps?
Findings are pushed to Azure DevOps when they are published and set to Pending Fix status. This occurs virtually in real-time, and should be reflected in your Azure DevOps environment within a minute or so.
Does the integration work with my Azure DevOps Server?
No, only Azure DevOps Cloud is currently supported. If you use an on-prem version, please reach out to us at integrations@cobalt.io.
Will historical findings be synchronized after I configure the Azure DevOps integration for a pentest?
No. After enabling the integration for a pentest, a finding (either new or existing) must be moved to Pending Fix state, which will trigger the creation of a work item.
Is the Cobalt finding updated when the work item status changes?
No. We are working to enable bi-directional syncs for an upcoming release. Currently, the integration is 1-way only.
After a work item is created for a new finding, there is no further association between the work item and the finding.
Can I use an Azure DevOps service account?
Yes. You can use a Service Principal or Managed Identity to authenticate your Azure DevOps environment with Cobalt. Follow Microsoft’s guide to configure your managed account. Then when setting up the connection in Cobalt, select the Authorization Code method of authentication.
Can I sync a finding to a work item that already exists in my ADO project?
No. We are working to support this in a future release. Currently, the integration will create a new work item for each unique pentest finding.
Can I move a work item to a different ADO project?
Yes. Work items will be created in the project you selected in the pentest configuration. Once created, you can move the work item to another project, or even change the work item type, without impacting the integration.
Connect your Azure DevOps environment to your Cobalt Organization in order to use the integration to sync pentest findings as work items.
Once you’ve connected your Azure DevOps instance, you can configure pentests to push findings to an ADO Team Project.
Troubleshoot common issues with the Azure DevOps integration.
Last modified October.10.2023