Overview

Azure DevOps Extension for using OX Security to scan for vulnerabilities in your software projects. Scans include searching for secrets, SAST issues, SCA and Open Source dependecy issues, IaC issues, etc. Scans can be configured to highlight critical issues or automatically block risks introduced into the codebase as part of your pipeline based on security policies. Security policies can be configured per repository in the OX Security application.

The Extensions provides a Service Connection, a Task for scanning your code and a Build Results Tab for viewing scan results.

Generating an OX Security API key

Once you login to your OX Security account, an API key can be generated on the API key settings tab of the Settings page. This API key needs to be added into the OX Service Connection.

Usage

You can use the OX Security Scan Task as follows in your Azure Pipelines:

steps:
    - task: OXSecurityScan@1
      inputs:
          serviceConnectionEndpoint: 'OX connection'

You can view all available inputs along with their description in the Azure Pipelines editor.

Support

If you want to learn more or have any questions, contact us at support@ox.security.