Snyk Documentation

Azure Repos overview

Snyk integrates with Microsoft Azure Repos to enable you to import your projects and monitor the source code for your repositories. Snyk tests the projects you’ve imported for any known security vulnerabilities found in the application’s dependencies, testing at a frequency you control.

Integration with Azure Repos is available for all of our pricing plans.

How it works

  1. The user generates a unique Azure DevOps personal access token specifically for Snyk. Together, the username and password constitute a token that Snyk uses. The token authorizes Snyk to access the user’s repos with only the specific permissions that the user indicates to Azure Repos when generating it.
  2. The user selects projects and repositories for import to Snyk (for testing and monitoring). The user can also enter custom file locations for any manifest files that are not located in the root folders of their repositories.
  3. Snyk evaluates the items that the user selected and imports any that have relevant manifest files in their root folder. Snyk also imports files for which the user entered custom file locations (for any manifest files not located in root folders).
  4. Snyk communicates directly with Azure Repos for each test it runs to determine exactly what code is currently pushed and what dependencies are being used. Each dependency is tested against Snyk’s vulnerability database to see if it contains any known vulnerabilities.
  5. Based on your configurations, if vulnerabilities are found, Snyk notifies you via email or Slack so that you can take immediate remediation action.
