Technology Partners

Azure DevOps Pipelines & InsightAppSec

Azure DevOps Pipelines & InsightAppSec Integration Brief

Automate Application Security Testing Within Your Build Pipeline

With Azure DevOps Pipelines and Rapid7 InsightAppSec

Integration Benefits

  • Reduce the presence of application vulnerabilities exposed to attack.
  • Identify security issues earlier in the SDLC, when they are less costly to fix.
  • Adopt a DevSecOps mentality and reduce friction between development, security, and IT teams with automated, end-toend workflows.

Application development moves at a blistering pace; releases that used to come out once or twice yearly now happen weekly, daily—even continuously. While modern web technologies and tools like continuous integration/continuous delivery (CI/CD) have helped accelerate the pace of development, these same forces also make it difficult for application scanners to crawl and test your modern apps.

Rapid7 InsightAppSec integrates with Azure DevOps Pipelines to empower development teams to autonomously test the integrity of their applications in runtime within their own CI/CD workflows. Using the extension within a pipeline gives security teams essential feedback regarding a web application’s security posture and risk status as part of existing processes; this way, your team can pass/fail builds and fix faster.

How It Works

The Azure DevOps extension utilizes the InsightAppSec RESTful API to dynamically retrieve applications, launch scans, monitor their progress, and generate reports based upon scan results. Leveraging this extension within Azure Pipelines will provide essential feedback regarding a web application’s security posture and vulnerability findings as an integrated CI/CD task.

This extension can be leveraged as both a Build and a Release task within Azure DevOps.

Key Capabilities

This extension is designed to:

  • Launch new InsightAppSec scans during build or release
  • Perform scan monitoring
  • Provide reports of scan results
  • Provide raw scan results
  • Enforce scan gates based on vulnerability query filters

Scan Gating provides an automated way to fail tasks as part of a build, should scan results meet a defined vulnerability query. This stops certain identified risks from being promoted into production.

Integration Overview

Download this integration overview PDF.

Download Now

Get Started

Visit the Visual Studio Marketplace to get the InsightAppSec Azure DevOps extension.

Learn More

Need help with an integration?

Please contact Rapid7 for support or assistance at +1.866.380.8113, or view all of our support options.

Get Support

Get Started

Visit the Visual Studio Marketplace to get the InsightAppSec Azure DevOps extension.

Learn More