AutoFix for Azure DevOps

Aikido Autofix lets Aikido fix vulnerabilities in the third-party dependencies of your projects. It does this by creating pull requests that remove the vulnerability via package updates or by other means. In some cases an Aikido Autofix can remove a whole class of vulnerabilities instead of just one issue.

Set up Autofix for Azure DevOps

All users within your workspace will need to set up Autofix individually.

By default, Aikido only has read access on your Azure DevOps instance. To use Aikido Autofix, a separate access token with write access is required. Please make sure that "Third-party application access via OAuth" is enabled for your organization by going to "Organization settings" and then clicking "Policies".

Organization security policies for application access, public projects, and user invitations.

Step 1. Enable Autofix on the Autofix Settings page, or go to the Autofix page and click Enable Autofix.

Autofix dashboard showing 14 fixable security packages and an option to enable Autofix.

Step 2. Click Authorize

Aikido autofix setup screen prompting for write access authorization.

Step 3. Grant Aikido permissions to Write

Aikido Security Autofix requests code and user info access; options to accept or deny.

Step 4. Click Save and you are all set. You will now be able to execute Autofix PRs from the Autofix page or from the action menu for subissues in the sidebar (read more here).
