Cyver Core integrates with multiple ticket and work management platforms, so you can easily export tickets and findings to the tooling your Dev team uses. That makes it easier to move tickets into remediation, so you can quickly roll changes into sprints, fix them, and sync the status in the Cyver Core portal.
Check your Azure Settings
The first step to linking your Cyver Pentest Portal to Azure DevOps is to set up third-party access in Azure.
1. Enable Third-Party Application Access via OAUTH
Pentester Portal - Allow the client to connect Azure DevOps
The client can connect Azure DevOps to export tickets and status information by enabling the toggle into Clients -> Open a client -> Client Portal tab:
Client Portal - Link Cyver Core to Your Azure DevOps Account
1. Go to Settings from the Menu
2. Click Integrations
3. Select Azure DevOps
4. Follow the steps to give Azure DevOps permission and make the necessary status configurations or more.
5. Enable Adjust Azure DevOps Project per {Project} for the Client (Manager) to select different Azure DevOps project per portal project
6. Choose the Default Parent work item to link findings in Link Findings to Parent work item - you will have the possibility to change this per project as well.
Your Azure DevOps account is now connected!
Configure Azure DevOps
1. Open a project
2. Click on Actions
3. Press Configure Azure DevOps
4. Select an Azure DevOps project from the list
5. Modify the Parent work item if needed.
Create a New Azure DevOps Ticket
1. Open a Finding
2. Click on Create Azure DevOps Ticket
3. Select the Type of Ticket
4. The Parent work item remains the one stated per project level, but you can change it for any reasons.
5. Click Create
Link to an Existing Azure DevOps Ticket
1. Open a Finding
2. Click Link to Existing Ticket
3. Type the Title of the Ticket you want to link
4. Click Link
Pentester portal - Azure DevOps Webhooks
This section describes webhooks and how to set them up for your Azure DevOps project. Webhooks provide a way to send a JSON representation of an Azure DevOps event to Cyver endpoint.
Configure webhook for work item updates
1. Get your API Key and save it by following the instructions on this article.
2. In your Azure DevOps project, go to Project settings
3. Select Service hooks from the menu
4. Click the green button (+) to create a new subscription
5. Select Web Hooks and click Next
6. From the Trigger on this type of event dropdown select Work item updated and set Area path if needed and click Next
7. Set the URL to https://connect.cyver.io/App/Integrations/AzureDevOpsWebhookEvent/WorkItemUpdated and paste the API Key from step 1 in the HTTP headers field.
The API Key header should be in this format: X-API-Key:xxxxxxxxxxxxxxxxxxxxxxxxxxxx
8. Click Test to verify that the web hook works as expected
9. Close the Test window and press Finish.
Client Portal – Enable Azure DevOps webhook for status updates
1. Go to Settings from the Menu
2. Click Integrations
3. Select Azure DevOps
4. Click Settings
5. Enable Sync Finding Status from Azure DevOps on Update
6. Configure status mappings
Configure webhook for work item comments
1. Get your API Key and save it by following the instructions on this article.
2. In your Azure DevOps project, go to Project settings
3. Select Service hooks from the menu
4. Click the green button (+) to create a new subscription
5. Select Web Hooks and click Next
6. From the Trigger on this type of event dropdown select Work item commented on and set Area path if needed and click Next
7. Set the URL to https://connect.cyver.io/App/Integrations/AzureDevOpsWebhookEvent/WorkItemCommentedOn and paste the API Key from step 1 in the HTTP headers field.
The API Key header should be in this format: X-API-Key:xxxxxxxxxxxxxxxxxxxxxxxxxxxx
8. Click Test to verify that the web hook works as expected
9. Close the Test window and press Finish.
Client Portal – Enable Azure DevOps webhook for work item comments
1. Go to Settings from the Menu
2. Click Integrations
3. Select Azure DevOps
4. Click Settings
5. Enable Sync finding comments from Azure DevOps
Have any more questions about connecting AzureDevOps to Cyver Core? Feel free to ask!