Skip to main content

Documentation Index

Fetch the complete documentation index at: https://help.dsalta.com/llms.txt

Use this file to discover all available pages before exploring further.

Overview

Azure DevOps is Microsoft’s suite of developer tools including Azure Repos, Pipelines, Boards, and Artifacts. DSALTA monitors repository security configuration, code review policies, and access management.
Read-only access. DSALTA never modifies, creates, or deletes resources in your Azure DevOps environment. All API access is strictly read-only.

Integration Details

PropertyValue
CategoryCode Repository
Data Library ModulesAccess, Code Changes
AuthenticationPersonal Access Token with Code (Read) scope
Sync FrequencyEvery 24 hours (manual sync available)
PermissionsRead-only

What Data DSALTA Collects

When you connect Azure DevOps, DSALTA automatically collects the following data on every sync cycle:
  • Repository configurations
  • Branch protection rules
  • Pull request review requirements
  • CI/CD status check enforcement
  • User access and permissions
Every record includes the integration name as its source, a sync timestamp, and is treated identically to manually entered records by auditors.

Key Use Cases

  • Enforce branch protection on all repositories
  • Require peer review before code merges
  • Ensure CI status checks pass before merging
  • Track offboarded user access revocation
  • Classify code repositories by criticality

How to Connect

1

Navigate to Integrations

Go to Settings → Integrations in your DSALTA dashboard and find Azure DevOps in the catalog.
2

Review Permissions

Review the permissions DSALTA requires. All access is read-only. Click Connect.
3

Authenticate

Follow the on-screen instructions to authenticate with your Azure DevOps account. Admin-level access is required for the initial setup.
4

Configure Scope

Select which accounts, projects, or resources DSALTA should monitor. You can adjust this later from the integration settings.
5

Initial Sync

DSALTA performs an initial data pull (typically 5–15 minutes). Automated compliance tests are generated immediately after sync completes.
After connecting, allow 15–20 minutes for the initial data sync. DSALTA may take up to 24 hours to fully evaluate all synced data and activate all relevant compliance tests.

Automated Compliance Tests

When you connect Azure DevOps, DSALTA automatically generates the following compliance tests. Each test runs every 24 hours and produces pass/fail evidence for your auditor.
TestDescription
Code repositories should be classifiedChecks that all Azure DevOps code repositories are classified by criticality.
Peer review should be enforced for code changesChecks that peer review is required before code changes can be merged in Azure DevOps.
Merging code changes should require passing status checksChecks that passing status checks are required before merging in Azure DevOps.
Branch protection rules should be enforced for adminsChecks that branch protection rules apply to admin users in Azure DevOps.
Code changes should be reviewed by peers before mergingChecks that all code changes are reviewed by at least one peer before merging in Azure DevOps.
Azure DevOps access should be removed for offboarded usersChecks that Azure DevOps access is revoked for offboarded users.
Tests run automatically every 24 hours. Failed tests generate alerts and appear in your compliance dashboard with remediation guidance. All test results are stored as audit evidence with timestamps.

Compliance Frameworks

This integration provides evidence for the following compliance frameworks:

SOC 2

Access controls, monitoring, and change management evidence.

ISO 27001

Asset management, access control, and operations security evidence.

GDPR

Access records and data processing evidence.

Troubleshooting

Re-authenticate by going to Settings → Integrations → Azure DevOps and clicking Reconnect. This usually happens when API tokens expire or permissions change.
Verify that the connected account still has the required admin permissions. Try a manual sync from the integration settings page. If the issue persists, check your Azure DevOps API rate limits.
Tests generate after the first successful data sync. If sync completed but tests are missing, ensure the relevant features are configured in Azure DevOps (e.g., GuardDuty must be enabled in AWS for GuardDuty tests to appear).
DSALTA syncs all users visible to the connected admin account. If users are missing, verify they are within the scope you configured during setup. Suspended or deleted accounts may not appear.