Adding Azure DevOps Repositories
This guide includes adding a PullRequest user to your Organization, authorizing your Azure DevOps account with PullRequest, installing and syncing your repositories.
Last updated
This guide includes adding a PullRequest user to your Organization, authorizing your Azure DevOps account with PullRequest, installing and syncing your repositories.
Last updated
NOTE: If your organization uses the access management service, please let your HackerOne implementation or accounts contact know.
In order for our system to post feedback to your Azure pull requests, a posting user must be added to your team.
Open your Azure DevOps Organization Settings and click Users -> Add Users
In the Users field, add: azure@pullrequest.com
The user will need Basic access and will need to be added to all of the Projects you'll need review coverage on.
If possible, we recommend selecting Add all Project access so there's no disruption in service as coverage is needed. You'll be able to maintain control for restricting and enabling service for certain repositories through our dashboard (see ).
Once the user is aded, an invitation will be sent to the HackerOne implementation team to accept.
You'll then be prompted to authorize your Microsoft account with PullRequest, click Accept.
Our integration adheres to the principle of least privilege, ensuring that it only has the access necessary to perform its intended function—providing valuable insights in pull request discussions. Here are the permissions we require and how we use them.
After authorizing with your Microsoft account, you'll be directed to a page to select which Azure DevOps Organization you want to install PullRequest on.
You'll be asked to allow PullRequest to access All repositories or Only select repositories.
PullRequest recommends selecting the All repositories option so you won't need to repeat this step each time your team creates a new repository.
After you've made your selection, click the Connect button.
Before sending code reviews to the PullRequest network, a member of the PullRequest team will need to accept the invitation sent in step 1 to add the PullRequest posting user.
You'll be able to confirm this when the azure PullRequest user is displayed with the PullRequest logo as an avatar in your Organization Settings screen.
If you haven't already, visit and create a user account by authenticating with Azure DevOps.
After , you'll be prompted to authorize and connect with a version control hosting provider. Click the Sync with Azure DevOps option.
Required Permissions for Azure DevOps Integration
To enable our service to post comments on pull requests in your Azure DevOps repositories, it requires the vso.code_write Code scope. It includes the ability to "create and manage code reviews" - this is necessary for posting pull request comments and interacting with discussion threads.
Our service never updates or deletes source code in your repository. The write permission is used exclusively for adding and interacting with comments to pull requests. Our integration only makes API calls related to commenting and DOES NOT execute any code-modifying operations.
Your repositories should now appear on the PullRequest page when the Azure DevOps Organization is selected from the Organizations drop-down menu at the top-left portion of the screen.
