Skip to main content

Azure DevOps Integration

Setup instructions for the bi-directional Azure DevOps integration

Updated over 4 months ago

Note: This integration is only available to HackerOne Enterprise customers.

HackerOne offers a bi-directional Azure DevOps integration that enables you to synchronize your HackerOne and Azure DevOps events. This integration aligns your development and security teams, streamlining the security vulnerability remediation workflow by reducing manual back-and-forth between Azure DevOps and HackerOne.

Setup

To set up the bi-directional integration between HackerOne and your Azure DevOps instance, you’ll need to follow these two steps:

  1. Configure the integration on HackerOne

  2. Configure outgoing requests on Azure DevOps

Configure the Integration on HackerOne

To set up your Azure DevOps integration on HackerOne:

  1. To access webhooks, go to Engagements, click the kebab menu for the program you’re interested in, then click Settings.

  2. Go to Automation > Integrations.

  3. Click Connect with Azure DevOps.

  4. Click Set up new integration to start the configuration process

  5. (Optional) Choose a name and description for your Azure DevOps integration. This will be helpful if you have multiple integrations configured.

  6. Click Next.

  7. Give your authentication a name.

  8. Click Create.

  9. Click Allow in the pop-up window asking for permissions. This ensures that HackerOne is enabled to communicate with Azure DevOps.

  10. Choose the appropriate Azure DevOps account from the dropdown.

  11. Choose the Azure DevOps Account, Project, and Work Item Type you want to use for escalating reports.

  12. Click Next.

  13. Choose which fields from the HackerOne report you want to map to the fields in Azure DevOps. For example, you can map the HackerOne vulnerability details to the Azure DevOps description.

  14. Click Next.

  15. Choose which Azure DevOps Priority levels you want to map to the HackerOne severity. You can choose the same numbers for multiple severity ratings.

  16. Click Next.

  17. Choose which events you want to sync from HackerOne to Azure DevOps. You can choose from:

Option

Details

Comments

When someone comments on a report, an update will be posted on the associated Azure DevOps work item.

State Changes

When someone changes the state of a report, an update will be posted on the associated Azure DevOps item.

Work Item Closed State

You can choose from these options:

  1. To Do

  2. Doing

  3. Done

Rewards

When someone awards or suggests a bounty and/or bonus, an update will be posted on the associated Azure DevOps item.

Disclosure

An update will be posted on the associated Azure DevOps item when disclosure is requested or approved.

Synchronize Attachments

You can synchronize attachments linked with reports and comments to the associated Azure DevOps work item.

  1. Click Next.

  2. Select the events you want to sync from Azure DevOps to HackerOne. You can choose from:

Option

Details

Status changed

Post an internal comment when a work item changes status.

When the status changes to done

You can choose from these options:

  1. Close HackerOne report

  2. Do nothing

Priority changed

Post an internal comment when a work item changes status.

Assignee changed

Post an internal comment when a work item changes the assignee.

Comment added

Post an internal comment when someone comments on a work item.

  1. Click Next.

  2. Copy the AzureDevOpsListener Public URL. (You’ll need this later to set up the outgoing requests from Azure DevOps to HackerOne.)

  3. Click Finish.

  4. Click Enable in the integrations overview to enable the integration.

Configure Outgoing Requests

After configuring the integration on HackerOne, you’ll need to configure outgoing requests in Azure DevOps. This will enable you to send the configured events from Azure DevOps to HackerOne. Keep in mind that you’ll need to use Service Hooks in the configuration process.

To configure synchronizing events from Azure DevOps to HackerOne:

  1. Go to Project Settings > Service hooks in Azure DevOps.

  2. Click on + Create subscription.

  3. Choose Web Hooks from the services list.

  4. Click Next.

  5. Choose Work item updated from the dropdown for the Trigger on this type of event field.

  6. (Optional) Apply any of the filters you'd like to use.

  7. Click Next.

  8. Fill out the URL field with your AzureDevOpsListener Public URL from Step 18 in Configure the Integration on HackerOne.

  9. Click Finish.

Your webhook should appear in the Service Hooks list.


Related Articles
Jira Setup
Jira Integration
ClickUp Integration
Linear Setup
Asana Integration
Did this answer your question?