Set up Azure DevOps

Installing the oak9 plugin in Microsoft Azure Pipelines lets you quickly track, identify, and remediate issues that could jeopardize the application’s security posture over time. oak9 suggests fixes as they become available for vulnerabilities and as new vulnerabilities are disclosed.

Create an oak9 account

To start using oak9 as part of the pipeline build, first create an oak9 account by clicking here, and follow the onboarding instructions.

Install the oak9 extension for Azure DevOps

1. From the oak9 platform, navigate to Integrations and select the "Add Integration" button under Azure DevOps in the CI/CD Integrations section. See the figure below.
2. Follow the steps in the pop-up to begin the integration.
3. Select the option to open the Visual Studio Marketplace; you will be redirected to the Azure DevOps Marketplace.
4. Search for the oak9 extension and get it for free.

Set up a Service Connection

1. Navigate to Project Settings and select Service connections under "Pipelines" in the left panel menu.
2. Search for oak9 in the service connections.
3. Select oak9 and then select the Next button.
4. Copy the Tenant Name and API Token from oak9, paste them in, and add a service connection name.
5. oak9 can now be viewed on the service connections page.
6. If your organization restricts pushing commits based on e-mail addresses, you will have to add an oak9 e-mail address to your whitelist. Go to Project Settings --> Repositories --> Policies and, in the whitelist for "Commit author email validation", add [email protected]

Add oak9 Task to the Azure pipeline

1. Navigate to the pipeline and select Edit.
2. In Tasks, search for oak9.
3. Copy the Project Name from oak9’s Azure DevOps integration.
   Another option is to copy and paste the code snippet directly into the task and enter the appropriate information.
4. Save and then run the pipeline. This allows oak9 to scan the pipeline for any existing Design Gaps (vulnerabilities).
5. Once the job runs successfully, the oak9 Analysis Report is available for the pipeline.
   This analysis report can also be viewed by selecting the pipeline with the oak9 task and navigating to Extensions.
Example of a passed report
Example of a failed report