Configure Azure DevOps Posting User

Code reviews for your Azure DevOps projects will be posted as a "PullRequest" member of your Azure DevOps team. In order to post code reviews, the user must be created in your Azure DevOps instance.

Prerequisites

The Azure DevOps posting user must be created by an individual on your team with the following administrative permissions:

A PullRequest account with an Owner role for the organization in question.
An Administrator role on your Azure DevOps Server Group.

Create Posting User

Log in to Azure DevOps as an Administrator and create a new user with the username PullRequest. PullRequest reviewers and systems will use this user to post code review content.

If preferred, an alternate name and avatar may be used.

We also recommend adding the HackerOne or PullRequest logo as the posting user's avatar - or one which is easily distinguishable from other members of your development teams.

Add Posting User to Projects

Add the posting user to all of the organizations/repositories you want code review on. Be sure to grant the user WRITE access so it's able to post comments.

In order to list a repository's collaborators, WRITE permissions are required. HackerOne will never write or modify code in your repositories without explicit consent. Read more about how we keep your code and data secure here.

Create Access Token

Log into Azure DevOps as the posting user you just created.

This may be easier in another browser or in a private/incognito tab so you can remain logged in as the Azure DevOps Owner user in your primary browser.

Click the profile icon at the top right and click Security from the drop-down menu. From here, click on Personal access tokens from the sidebar on the left. This should be accessible from the following path:

https://your-internal-azure.com/DefaultCollection/_usersSettings/tokens

Click New Token and create a Personal Access Token with the following properties:

Code - Read & Write and Status
Identity - Read

In order to function properly write permissions are required. PullRequest will never write or modify code in your repositories. Read more about how we keep your code and data secure here.

Once generated, copy the personal access token to your clipboard so we can configure the connection to Azure DevOps.

Connecting the PullRequest Proxy to Azure DevOps

Now, it's time to return to that text file we're editing on the proxy server. Go ahead and set the following keys based on what was configured above.

PROVIDER_TYPE=azuredevops
PROVIDER_BASE_URL=https://your-internal-azure.com
PROVIDER_USERNAME=PullRequest
PROVIDER_ACCESS_TOKEN=<access_token>

Make sure the PROVIDER_USERNAME is spelled exactly as the username of the posting user that was created. We highly recommend "PullRequest" or "HackerOne" (all one word, PascalCase) to maintain communication consistency.

PreviousConfigure Posting User NextConfiguring SSL

Last updated 2 years ago