Configure Azure DevOps Posting User

Prerequisites

The Azure DevOps posting user must be created by an individual on your team with the following administrative permissions:

• A HackerOne Code user with an Owner role for the organization in question.

• An Administrator role on your Azure DevOps Server Group.

Create Posting User

Log in to your GitHub instance as an administrator and create a new user with the username HackerOne or PullRequest. HackerOne Code will use this user to post scan results and validated issues.

***We strongly recommend adding the following image as the posting user's avatar. This provides a much better end-user experience; it allows the service to be easily identified in the GitHub interface:

Add Posting User to Projects

Add the user you just created to all of the organizations/repositories you want code review on. Be sure to grant the user the appropriate access so it's able to read repositories and pull requests, view code and post comments.

Create Azure DevOps Access Token

Log into Azure DevOps as the PullRequest user you just created.

Click the profile icon at the top right and click Security from the drop-down menu. From here, click on Personal access tokens from the sidebar on the left. This should be accessible from the following path:

https://your-internal-azure.com/DefaultCollection/_usersSettings/tokens

Click New Token and create a Personal Access Token with the following properties:

• Code - Read & Write and Status

• Identity - Read

Once generated, copy the personal access token to your clipboard so we can configure the connection to Azure DevOps.

Connecting PullRequest Proxy to Azure DevOps

Now, it's time to return to that text file we're editing on the proxy server. Go ahead and set the following keys based on what was configured above.

PROVIDER_TYPE=azuredevops
PROVIDER_BASE_URL=https://your-internal-azure.com
PROVIDER_USERNAME=PullRequest
PROVIDER_ACCESS_TOKEN=<access_token>