Azure DevOps
The Azure DevOps Integration provides SailPoint Entro with continuous, read-only visibility into repositories, pipelines, and projects across your Azure DevOps organization. It enables automatic detection of exposed secrets, misconfigured credentials, and high-risk tokens within source code and CI/CD environments.
Navigation Path
Management → Accounts & Integrations → Add New Account (top right) → Azure DevOps
Purpose
Azure DevOps often contains sensitive data embedded in:
-
Pipeline variables and YAML definitions
-
Repository code and configuration files
-
Build scripts and deployment manifests
SailPoint Entro scans these components securely to identify and alert on exposed secrets before they can be exploited.
Supported Resources
Once connected, SailPoint Entro analyzes:
-
Repositories (including all active branches and commits)
-
Pipelines and build definitions
-
Service connections and automation tokens
-
Variable groups and project configurations
Architecture
+-------------------+ +-----------------------+
| Entro Console | | Azure DevOps API |
| (Control Plane) | <------> | (Projects/Users) |
+-------------------+ +-----------------------+
^ ^
| +-----------+ |
+--------> | Entra ID | <-------+
| (App Reg) |
+-----------+
SailPoint Entro communicates with Azure DevOps using OAuth 2.0 bearer tokens generated via the Microsoft Identity Platform.
Security Model
- All communication occurs via HTTPS/TLS 1.2+
- SailPoint Entro performs no write or modification actions
- Client secret can be revoked anytime via the SailPoint Entro application in Entra ID
Integration Flow
-
Add SailPoint Entro Application to Azure DevOps Org
Add the integrated SailPoint Entro application (Service Principal) to the Azure DevOps organization and assign the relevant projects and groups.
-
Submit Application Details to SailPoint Entro
Provide the SailPoint Entro application details and client secret.
-
SailPoint Entro validates access
SailPoint Entro validates the client secret and the permitted scopes.
-
Scanning begins
SailPoint Entro begins scanning connected repositories, pipelines, and configurations.
-
Findings in SailPoint Entro Console
Findings appear in the SailPoint Entro Console with metadata and remediation guidance.