Skip to content
| Marketplace
Sign in
Azure DevOps>Azure Pipelines>Qualys ETM Findings Connector
Qualys ETM Findings Connector

Qualys ETM Findings Connector

Qualys

|
1 install
| (0) | Free
Create workitems using Qualys Enterprise TruRisk Management (ETM)
Get it free

Qualys ETM Findings Connector

Working & Behaviour

The Enterprise TruRisk Management (ETM) extension enables seamless integration between ETM and Azure DevOps by automatically exporting and updating security findings from ETM into Azure DevOps as work items. ETM acts as the single source of truth for vulnerability data, ensuring that any changes to findings in ETM are always reflected in Azure DevOps.

By keeping findings up to date as work items, development and security teams can manage vulnerabilities within their familiar Azure DevOps workflows, prioritize fixes, and align remediation efforts with sprint and release management.

This extension supports cloud-based Azure DevOps setups and provides a reliable, one-way flow of data from ETM to Azure DevOps.

Add "Qualys ETM Findings Connector" task to pipeline

Install the Qualys ETM Findings Connector extension into your Visual Studio Team Services account and search for the task in the available tasks. The task will also appear in the Utility section of the task list. Add it to your build pipeline.

add_task

Task Configuration

Qualys Configuration using Service Connection

Create a new service connection to connect to the Qualys Gateway server. You need to provide the Qualys API Gateway URL, Qualys ClientID , Qualys ClientSecret and Azure DevOps Personal Access Token (PAT). If your Azure DevOps instance does not have direct Internet access and a proxy is required, click the "Use Proxy Settings" check box, and enter the required information.

add_task

Configure Filters to get specific Findings-

Asset QQL: You can configure the asset-level query here and multiple assets can be configure using a comma-separated format (for example: asset.assetID=12345,34563). If the query is not configured, it will pull detections for all assets.

Finding QQL: Finding QQL is a required field. At least one QQL must be configured to detect findings(For example: Finding.qds>50)

add_task

View Work Items

To view the work items/ ticket details, select the work item under Board Section.

The Qualys ETM Findings connector automatically creates, or updates work items in Azure DevOps based on Detection from Qualys. As part of this process, it maps specific fields from Qualys such as Finding ID, AssetID, severity, category, CVE ID, QDS score., Asset information, and detection details into the Azure DevOps work item.

add_task

View Work Item details-

add_task add_task

Release Notes

v1.0.0 -First version of the extension. Reference - User Guide

  • Contact us
  • Jobs
  • Privacy
  • Manage cookies
  • Terms of use
  • Trademarks
© 2026 Microsoft