Azure DevOps
Guide on integrating Azure DevOps with Ketryx
1. Introduction
This section provides an introduction to the integration of Azure DevOps with Ketryx. Our focus is on outlining the process of setting up this integration, utilizing Personal Access Tokens (PAT) to enhance your software development practices. This guide will walk you through the steps required to establish a connection between Azure DevOps and Ketryx.
1.2. Tools
Tools used to develop and release a product with Ketryx Lifecycle Management are provided in MAN-01 Ketryx Lifecycle Management. The release process is described in detail in MAN-02 Software Release Process, while setting up code repositories is described in MAN-03 Supply Chain Management.
Ketryx does not support Code Change Reviews with Azure DevOps at this time. We are working on adding this feature in the future. Please reach out if you this feature is a priority for you.
2. Repository access
The integration process with Azure DevOps varies slightly depending on whether you are working with public or private repositories. Here's a breakdown of the key differences:
2.1. Public Repositories
Accessibility: Public repositories are open to the public, meaning that anyone can view the repository content and its history.
Integration Setup: For public repositories, the setup process for integrating with Ketryx is generally straightforward. You do not need to use an access token for basic integration tasks, such as SOUP dependency analysis.
2.2. Private Repositories
Accessibility: Private repositories restrict access to authorized individuals or collaborators. Only those with permission can view and interact with the repository.
Integration Setup: When integrating with private repositories, you typically require an access token. This token ensures secure and authorized communication between Azure DevOps and Ketryx for tasks like SOUP dependency analysis.
It's important to consider your repository's visibility when setting up the integration, as public and private repositories have distinct access requirements. The integration guide provides specific instructions based on the type of repository you are working with, ensuring a seamless and secure integration experience.
3. Access tokens
3.1. Creating a Personal Access Token for Azure DevOps
Please see Azure DevOps's documentation.
3.2. Creating a fine-grained Personal Access Token for Azure DevOps
Make sure to choose the right organization as the Resource owner. On the screenshot below, fine-grained Personal Access Token will grant certain permissions only on the repositories owned by the Ketryx organization. In your case, the Resource owner will most likely be your organization (the company you are working for).
The following Read-only permissions are required for the integration with Ketryx:
Code
When creating the personal access token please make sure to select all necessary permissions for your application.
This token will serve as the authentication method to fetch the Git repository for SOUP dependency analysis from Azure DevOps.
When entering the authentication credentials in Ketryx, the username has no effect, but the password should be the PAT.
4. Related features
4.1. Using the Code Change Review feature with Azure DevOps
Ketryx does not support Code Change Reviews with Azure DevOps at this time. We are working on adding this feature in the future. Please reach out if you this feature is a priority for you.
Last updated
