License Summary: Free for internal organisational use (including production) by your own employees and contractors, solely for your organisation's benefit.
Not for embedding, bundling, resale, hosting, offering as a service, or any paid commercial use without a license.
See Polyform Internal Use License for full terms.

Overview

Welcome to the Observes extension for Azure DevOps!

Our aim is to help your organisation achieve its DevOps compliance goals.

This extension will add the following capabilities to your Azure DevOps environment:

• The observes UI as a hub in Azure DevOps projects (where you would find the normal hubs for Boards, Repos, Pipelines, etc.)
• The observes scanners service connection for secure authentication of the scanner.
• The observes task for running scans within your pipeline.

We package up and present all components for observes into this single extension.

• UI: https://github.com/observes-io/observes-ui
• Scanner: https://github.com/observes-io/observes-scanner

Observes UI

Observes UI is a client-side web application for visualizing, managing, and exploring Azure DevOps resources, pipelines and their relationships. It is designed for internal use within your organization, providing a rich dashboard and interactive tools for DevOps inventory, compliance, and risk management. The input file is generated by the Observes Scanner.

Observes Scanner

Observes Scanner is a cross-platform CLI tool for scanning Azure DevOps organizations and its output is parsed by the Observes UI.

The scanner shapes the data to highlight relationships between CI/CD resources (repositories, agent pools, credentials) and pipelines (runs and and preview runs), along with an analysis of projects stats (repos, committers, pull requests).

Need to Know

Data Security

No data leaves the organisation in the self-hosted scan version. Data collection, processing and visualisation remains within your environment.

The Observes Scanner scans and creates a local json file. This file is published as a pipeline artifact associated with the run of the pipeline task.

You then manually download and upload the json file to the ADO hosted Observes UI. All data processing and visualization occurs within your browser.

License

This extension and its components are licensed under the Polyform Internal Use License.

You may:

• Use this software in production within your own organisation, including for scanning your own environment.
• Modify it internally for your own use.

You may not:

• Sell, resell, redistribute, embed, bundle, host, or offer the software as a service.
• Use it as part of a paid product, service, or consulting engagement without a commercial license.

“Internal organisational use” means use by employees and individual contractors of your organisation, solely for the benefit of your organisation, and not for any third party.

Commercial Licensing

If you wish to use our software for paid commercial purposes or include it in a product or service offered to third parties, please contact us at info@observes.io for commercial licensing options.

Supply Chain Security

We are committed to supply chain security and transparency. A Software Bill of Materials (SBOM) is published for each release.

• View the SBOMs for the components

Resources

• Observes.io Documentation Home
• Scanner Source Code GitHub Repository
• UI Source Code GitHub Repository
• App https://app.observes.io/ or your own self-hosted version