Azure DevOps
Overview
Visualize and analyze Azure DevOps resources, including projects, repositories, pipelines, artifacts, and work items. Gain insights into visibility, governance, and pipeline execution. Monitor compliance, manage permissions and policies, and analyze repositories and artifacts for vulnerabilities. Enable comprehensive tracking of development activities and ensure alignment with organizational security and compliance requirements.
Configurations
| Setting | Description |
| --- | --- |
| Blueprint Account Name | A human-readable name for your account that will be used to identify this account across the application. |
| Azure PAT | Azure Personal Access Token with the necessary permissions. |
| Azure Organization URL | The URL of your Azure DevOps organization. |
| Data Crawl Frequency | The frequency at which Kaleidoscope will crawl the account for resources. |
| Event Crawl Frequency | The frequency at which Kaleidoscope will crawl the account for events. |
| Resource Selection | Selectively include or exclude certain resources. |
Permissions
The Azure DevOps blueprint requires a Personal Access Token (PAT) which you can create by navigating to https://dev.azure.com/{organization}/_usersSettings/tokens (replace {organization} with your organization name). Please ensure that you give the token a descriptive name, set an appropriate expiration date, and manually select the required permissions listed below.
Required Permissions:
| Resource | Required permissions |
| --- | --- |
| Group | graph:read |
| User | graph:read |
| Project | projects-and-teams:read, packaging:read, build:read |
| Team | projects-and-teams:read |
| Repository SBOM | code:read |
| Secret Scan | code:read |
Permission Details:
| Permission | Scope | Description |
| --- | --- | --- |
| code:read | Code | Read repository content, branches, commits, and perform secret scanning |
| build:read | Build | Access build definitions, build results, and pipeline information |
| project:read | Project and team | Read project information, team details, and organizational structure |
| graph:read | Graph | Access user and group information for identity management |
| packaging:read | Packaging | Read package and artifact information from Azure Artifacts |
For more details on the Azure DevOps permissions, you can refer to the following documentation: Azure DevOps Services REST API Reference
SBOM Generation
The Azure DevOps blueprint includes SBOM (Software Bill of Materials) generation for repositories. This provides comprehensive vulnerability scanning and dependency analysis for source code and applications.
For information about supported languages and package managers for SBOM generation, see: SBOM
Schema Model
| Name | Schema type | Category | Description |
| --- | --- | --- | --- |
| Commit Reference | azuredevops.project.CommitRef | Commit | A commit reference in an Azure DevOps project. |
| Tag Definition | azuredevops.project.TagDefinition | Tag | A tag definition in an Azure DevOps project. |
| Group | azuredevops.group.Group | UserGroup | A specific group within Azure DevOps. |
| Identity Reference | azuredevops.project.IdentityRef | Identity | An identity reference in an Azure DevOps project. |
| Reviewer Identity Reference | azuredevops.project.ReviewerIdentityRef | Identity | A reviewer identity reference in Azure DevOps. |
| Pipeline | azuredevops.project.Pipeline | Pipeline | A pipeline in an Azure DevOps project. |
| Pull Request | azuredevops.project.PullRequest | PullRequest | A pull request in an Azure DevOps project. |
| Pull Request Completion Options | azuredevops.project.PullRequestCompletionOptions | Option | Completion options for pull requests. |
| Project Reference | azuredevops.project.ProjectRef | Project | A project reference in Azure DevOps. |
| Project | azuredevops.project.Project | Project | A project in Azure DevOps. |
| Web API Team | azuredevops.project.WebApiTeam | Team | A web API team in Azure DevOps. |
| Repository | azuredevops.project.Repository | Repository | A repository in an Azure DevOps project. |
| Fork | azuredevops.project.Fork | Repository | A forked repository in Azure DevOps. |
| Author | azuredevops.project.Author | Identity | The author of a commit in Azure DevOps. |
| Status | azuredevops.project.Status | Status | A status in an Azure DevOps project. |
| Status Context | azuredevops.project.StatusContext | Context | A context for statuses in Azure DevOps. |
| Comment | azuredevops.project.Comment | Comment | A comment in an Azure DevOps project. |
| Push | azuredevops.project.Push | Push | A push event in an Azure DevOps project. |
| Pull Request Comment Thread | azuredevops.project.PullRequestCommentThread | Thread | A comment thread on a pull request. |
| Comment Thread Context | azuredevops.project.CommentThreadContext | Context | Context for a comment thread in Azure DevOps. |
| Comment Position | azuredevops.project.CommentPosition | Position | Position of a comment in Azure DevOps. |
| User | azuredevops.user.User | User | A user in Azure DevOps. |
| Feed | azuredevops.project.Feed | Feed | A feed in an Azure DevOps project. |
| Upstream Source | azuredevops.project.UpstreamSource | Source | An upstream source in an Azure DevOps feed. |
| Feed View | azuredevops.project.FeedView | View | A view in an Azure DevOps feed. |
| Feed Permission | azuredevops.project.FeedPermission | Permission | Permissions for an Azure DevOps feed. |
| Package | azuredevops.project.Package | Package | A package in an Azure DevOps feed. |
| Minimal Package Version | azuredevops.project.MinimalPackageVersion | Version | A minimal package version in Azure DevOps. |
| Work Item Comment Version Reference | azuredevops.project.WorkItemCommentVersionRef | CommentRef | Reference to a comment version in a work item. |
| Work Item Reference | azuredevops.project.WorkItemReference | Reference | Reference to a work item in Azure DevOps. |
| Work Item | azuredevops.project.WorkItem | Record | A work item in an Azure DevOps project. |
| Work Item Comment | azuredevops.project.WorkItemComment | Comment | A comment on a work item in Azure DevOps. |
| Work Item Relation | azuredevops.project.WorkItemRelation | Relation | A relation between work items in Azure DevOps. |
| Team | azuredevops.team.Team | Team | A team in Azure DevOps. |
| Team Member | azuredevops.team.TeamMember | Member | A member of a team in Azure DevOps. |
| Identity | azuredevops.project.Identity | Identity | Identity of a user in Azure DevOps. |
| Branch Stats | azuredevops.project.BranchStats | Stats | Branch statistics in Azure DevOps. |
| Commit | azuredevops.project.Commit | CodeCommit | A commit in an Azure DevOps project. |
| User Date | azuredevops.project.UserDate | UserDate | User date information in Azure DevOps. |
| Build | azuredevops.project.Build | Build | A build in an Azure DevOps project. |
| Task Orchestration Plan | azuredevops.project.TaskOrchestrationPlan | Plan | A task orchestration plan in Azure DevOps. |
| Definition | azuredevops.project.Definition | Definition | A build definition in Azure DevOps. |
| Build Artifact | azuredevops.project.BuildArtifact | Artifact | An artifact of a build in Azure DevOps. |
| Artifact Resource | azuredevops.project.ArtifactResource | Resource | A resource associated with a build artifact. |
| Task Agent Pool | azuredevops.project.TaskAgentPool | Pool | A task agent pool in Azure DevOps. |
| Agent Pool Queue | azuredevops.project.AgentPoolQueue | Queue | An agent pool queue in Azure DevOps. |
| Build Request Validation Result | azuredevops.project.BuildRequestValidationResult | Result | Validation result for a build request. |
| Build Log | azuredevops.project.BuildLog | Log | A build log in an Azure DevOps project. |
| gitleak findings | sca.secretscan.Finding | Vulnerability | |