Azure Repos enriched with DevSecOps capabilities

We are excited to share that starting today, developers can test, fix, and monitor their Azure Repos projects for open source vulnerabilities.

Native detection of vulnerabilities within Azure Repos

Snyk helps you detect existing vulnerabilities in your projects by scanning your Azure Repos, covering all the languages already supported by existing Snyk Git integrations and Azure DevOps. Each detected vulnerability is listed with enriched content to support triaging, including information such as the context in which it was introduced and the vulnerable function within the package.

The following image displays an imported Node.js project from Azure Repos with vulnerability test results, from within our app:

Prevent and monitor new vulnerabilities

Snyk makes sure the developer’s code stays secure throughout the entire software development lifecycle (SDLC). After pushing the code to Azure Repos, Snyk continues monitoring the imported projects on a daily basis, and notifies developers if new vulnerabilities are disclosed.

Snyk also ensures the developer’s pull requests do not introduce new open source vulnerabilities. Each new pull request is scanned within Azure Repos before being merged to verify that the PR does not introduce new vulnerabilities. Policies can be defined to configure the severity level of a vulnerability that fails the merge.The following image displays a failed PR (from within Azure Repos) due to new vulnerabilities that it would have added:

Actionability and automation accelerate fixing

Detecting vulnerabilities is just the beginning. When a vulnerability is discovered, Snyk calculates the required fix for both direct and transitive dependencies and automatically populates a fix pull request (PR) with the required upgrades or patches, all from within the Azure Repos workflow.

The following image displays a fix PR created by Snyk.

* The functionality of Fix PR and testing new PRs is in closed beta. Please contact us if you would like to enable it for your account.

Microsoft Azure  and Snyk: from code release to runtime

This integration is an important addition to Snyk’s application and container security suite for Microsoft Azure, offering native integrations throughout the SDLC—from code release to runtime, including support for Azure Pipelines, Azure Container Registry and Azure Functions.

Getting started

Add the new Azure Repos integration by visiting our Integrations page or read more about it in ourAzure Repos integration documentation.

Snyk will be participating in the upcoming Microsoft Build event (May 6-8 in Seattle) and showcasing its full solution for Azure ecosystem. Stop by our booth located at Booth #214. Stay secure!