What is it?
Our Azure Boards integration enables development teams to resolve vulnerability issues quickly and confidently - with highly relevant and bite-sized secure coding learning within Azure Boards.
Why did we build this?
To help developers resolve vulnerabilities faster and learn secure coding continuously.
By bringing the relevant content to you when and where you need it, our integrations become part of the solution helping you stay in the flow rather than just scanning the code and showing problems without any help to solve them.
Ultimately, by learning continuously, you build skills to write secure code from the start - reducing vulnerabilities in the codebase.
How does it work?
When users or scanning tools create work items containing vulnerability information, our integration scans the text content and uses our Direct Linking API to fetch the most relevant content containing vulnerability descriptions, explainer videos, and links to relevant code exercises. This content is shown in a separate section named Secure Code Warrior.
The vulnerability information in the work item may be present in the title, description, or tags. The integration can detect Common Weakness Enumeration (CWE) or Open Web Application Security Project (OWASP) references as well as common vulnerability names and phrases.
Installation and configuration
The Azure Boards plugin can be downloaded from the VisualStudio Marketplace. No configuration is required.
What data is sent and stored by the integration?
What is sent to SCW and collected?
- Generic usage stats (opens, clicks) with source information (repository name and owner)
Matched vulnerability information without source information
What is sent to SCW but not collected?
- Only the matched reference information from the work item title, description and tags are sent to SCW to identify the learning resources but discarded after content is returned in the response