Azure Pipelines CI: PR Gating via Aikido Dashboard

Make sure the person who sets up the integration has enough permissions in Azure to manage all repos.

Introduction

You can easily configure Azure DevOps PR Gating via the Aikido interface. This functionality lets you block any newly introduced issues above a severity threshold that you decide. This doc focuses on managing configurations in bulk (multiple repos at the same time) without writing any code.

Use Cases

  • Bulk Repository Management: Easily specify and manage configurations for multiple repositories at once through the Aikido interface.

  • Zero Code Integration: Install the Aikido app on Azure DevOps to manage checks without embedding any code, simplifying the setup process.

  • Cost Efficiency: By managing Azure DevOps Checks through Aikido, you avoid using CI minutes on Azure DevOps, leading to significant cost savings.

Setting up Azure DevOps CI

Step 1. Go to the Integrations Page and select Azure Pipelines in the CI gating section.

[Screenshot: CI integration options for blocking risky code via GitHub, GitLab, Bitbucket, Azure, or API.]

Step 2 (optional). Select PR Gating Configuration via Aikido Dashboard in the modal that pops up. Note: this modal will only pop up if you have already used Azure Pipelines in code.

[Screenshot: Select a PR gating method for Azure DevOps: dashboard or Azure Pipelines configuration.]

Step 3. Grant Aikido the necessary permissions.

[Screenshot: App authorization screen for Aikido Security PR Checks with requested permissions listed.]

If the installation of the Azure DevOps checks integration does not work via the OAuth flow, you can also configure it to work with a Personal Access Token (PAT).

Step 4. Aikido redirects you to the Azure Pipelines page with an overview of your repos. You can start configuring your repos. We recommend starting with one repo to make sure everything works well.

Step 5. Select repos in bulk and click the Setup PR Scans button in the floating bulk actions bar at the bottom.

Step 6. This opens the modal where you choose the severity level for failure and the scans you want to execute.

[Screenshot: GitHub repository security scan configuration settings management interface.]

If you've added new repositories after the initial setup, you'll need to configure those repos as well.

When creating or updating PRs, you'll now see the status of the checks on the pull request in Azure DevOps.

[Screenshot: Pull request overview for updating README.md, no conflicts or security issues detected.]

Adding Exceptions for specific repos

You might want one specific repo where the configuration slightly differs. You can easily add exceptions by clicking the triple dots on a repo item, or by selecting one or more items and going through the Configure Scans process again.

[Screenshot: List of projects with critical vulnerabilities and configuration management options displayed.]

Configure the PR gating to block pull requests

On its own, the PR gating functionality can only make its own check fail; it won't block the PR from getting merged. To ensure that a failing gate also prevents the PR from merging, follow these steps:

  1. Go to the project's settings page and navigate to "Repositories".

  2. Select the relevant repository where you'd like to make the PR gate required.

    [Screenshot: Repository settings configuration screen for "CompressionAlgorithm" in a project management interface.]
  3. Navigate to the "Policies" tab.

  4. Select the PR's target branch where you'd like the PR gating to be blocking; this is usually the default branch of the repository, called "main" or "master".

    [Screenshot: Branch policies and build validations settings for the 'main' branch in a project repository.]
  5. Add a new "Status Check" by clicking the "+" icon.

  6. Select the Aikido PR checks from the dropdown and make sure that you select "Required".

    [Screenshot: Configuring a required status policy to check code for vulnerabilities in pull requests.]
  7. Lastly, hit "Save". The PR gating will now be required to succeed before PRs can be merged.

This can also be set up in bulk for all repositories in a project via "Policies" by adding a branch protection rule. It might be that the "Aikido Security/check code for vulnerabilities" check is not available in the dropdown, in which case you can add it manually there.
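The same "Status Check" policy can be created for many repositories at once through the Azure DevOps REST API instead of clicking through each repo. The Python script below is an added example, not Aikido's own code: it builds the policy body the UI creates (with "Required" mapped to `isBlocking`), posts it for a list of repositories, and includes an audit helper that lists branches where the Aikido check exists but is not enabled and blocking, which is exactly the situation described at the start of this section. The policy type id, the split of "Aikido Security/check code for vulnerabilities" into `statusGenre`/`statusName`, api-version 7.1, and the repository ids are assumptions to verify against your organisation; authentication uses a PAT that is allowed to manage branch policies.

```python
import base64
import json
import urllib.request

# Assumed: the policy type id Azure DevOps uses for "Status" branch policies
# (what the UI creates under "Status Checks"). Verify it in your organisation.
STATUS_POLICY_TYPE_ID = "cbdc66da-9728-4af8-aada-9a5a32e4a226"

# Assumed split of the dropdown entry "Aikido Security/check code for
# vulnerabilities" into the genre and name fields of a status policy.
AIKIDO_STATUS_GENRE = "Aikido Security"
AIKIDO_STATUS_NAME = "check code for vulnerabilities"


def build_status_policy(repository_id, branch="main", required=True):
    """Build the policy-configuration body for one repo/branch.

    required=True is "Required" in the UI: the check must succeed before the
    PR can complete. required=False is "Optional": the status is shown but
    does not block the merge, which is the gap this section is about.
    """
    return {
        "isEnabled": True,
        "isBlocking": required,
        "type": {"id": STATUS_POLICY_TYPE_ID},
        "settings": {
            "statusGenre": AIKIDO_STATUS_GENRE,
            "statusName": AIKIDO_STATUS_NAME,
            # Reset the status after every push so a stale "succeeded" result
            # cannot let newly pushed commits through unchecked.
            "invalidateOnSourceUpdate": True,
            "scope": [
                {
                    "repositoryId": repository_id,
                    "refName": f"refs/heads/{branch}",
                    "matchKind": "Exact",
                }
            ],
        },
    }


def is_aikido_status_policy(policy):
    """True if a policy configuration is the Aikido status check."""
    settings = policy.get("settings", {})
    return (
        policy.get("type", {}).get("id") == STATUS_POLICY_TYPE_ID
        and settings.get("statusGenre") == AIKIDO_STATUS_GENRE
        and settings.get("statusName") == AIKIDO_STATUS_NAME
    )


def unenforced_branches(policies, expected_scopes):
    """Audit helper. `policies` is the list from GET .../policy/configurations,
    `expected_scopes` the (repositoryId, refName) pairs that should be gated.
    Returns the pairs with no enabled *and* blocking Aikido status policy."""
    enforced = set()
    for policy in policies:
        if not is_aikido_status_policy(policy):
            continue
        if not (policy.get("isEnabled") and policy.get("isBlocking")):
            continue
        for scope in policy["settings"].get("scope", []):
            enforced.add((scope.get("repositoryId"), scope.get("refName")))
    return sorted(s for s in expected_scopes if s not in enforced)


def _request(org, project, pat, path, body=None):
    """Minimal Azure DevOps REST call: Basic auth with an empty username and the
    PAT as password. Assumes api-version 7.1 of the policy endpoints."""
    url = f"https://dev.azure.com/{org}/{project}/_apis/policy/{path}?api-version=7.1"
    token = base64.b64encode(f":{pat}".encode()).decode()
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(
        url,
        data=data,
        method="POST" if body is not None else "GET",
        headers={"Authorization": f"Basic {token}",
                 "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def list_policies(org, project, pat):
    """All policy configurations in the project (for unenforced_branches)."""
    return _request(org, project, pat, "configurations").get("value", [])


def require_aikido_check(org, project, pat, repository_ids, branch="main"):
    """Create a required Aikido status policy per repo; returns {repo: policy id}."""
    return {
        rid: _request(org, project, pat, "configurations",
                      build_status_policy(rid, branch))["id"]
        for rid in repository_ids
    }


if __name__ == "__main__":
    import os
    # Hypothetical values; replace with your org, project, PAT and repo ids.
    ORG, PROJECT, PAT = "my-org", "my-project", os.environ.get("AZDO_PAT", "")
    REPOS = ["<repository-id-1>", "<repository-id-2>"]
    if PAT:
        print(require_aikido_check(ORG, PROJECT, PAT, REPOS))
        gaps = unenforced_branches(list_policies(ORG, PROJECT, PAT),
                                   [(r, "refs/heads/main") for r in REPOS])
        print("branches without a required Aikido check:", gaps)
```

Run the audit (`unenforced_branches`) periodically rather than only at setup time: an "Optional" policy, or a disabled one, still shows the Aikido status on the PR page, so the screenshot alone does not prove the gate is enforced.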
