add ADO to SMS quickstart (#1955)

khorne3 · web-flow · commit 854c2cf50d0c · 2025-02-06T11:40:11.000-06:00
diff --git a/docs/getting-started/quickstart-sms.md b/docs/getting-started/quickstart-sms.md
@@ -28,23 +28,52 @@ import TabItem from '@theme/TabItem';
 <Tabs
     defaultValue="gh"
     values={[
+    {label: 'Azure DevOps', value: 'ado'},
     {label: 'GitHub', value: 'gh'},
     {label: 'GitLab', value: 'gl'},
     ]}
 >
 
-<TabItem value='gh'>
+<TabItem value='ado'>
+
+### Prerequisites
+
+Admin access to your Azure DevOps organization.
 
 ### Requirements
 
-To enable and use this feature, you must grant Semgrep **Read access** to your code. Steps are provided in [Add repositories to Semgrep Managed Scans](#add-repositories-to-semgrep-managed-scans).
+Read access is granted through an access token you generate on Azure DevOps. You can provide this token by [adding Azure DevOps as a source code manager](/deployment/connect-scm#azure-devops-cloud).
 
-Read access is permitted through a private Semgrep app that you create and register yourself. See [Managed Scans > Security](/deployment/managed-scanning/overview#security) for more information on how Semgrep handles your code.
+Semgrep recommends setting up and configuring Semgrep with an Azure DevOps service account, not a personal account. Regardless of whether you use a personal or service account, the account must be assigned the **Owner** or **Project Collection Administrator** role for the organization. During setup and configuration, you must provide a personal access token generated by this account. The scopes you must assign to the token include:
+
+- `Project and Team: Read & write`
+- `Code: Read`
+- `Pull Request Threads: Read & write`
+
+### Add a repository
+
+<!-- vale off -->
+1. Sign in to [Semgrep AppSec Platform](https://semgrep.dev/login)
+2. Navigate to **Projects**, and click **Scan new project > Semgrep Managed Scan**.
+3. In the **Enable Managed Scans for repos** page, select the repositories you want to add to Semgrep Managed Scans.
+4. Click **Enable Managed Scans**. The **Enable Managed Scans** dialog appears. By default, Semgrep runs both full and diff-aware scans.
+5. Click **Enable**. You are taken to the **Projects** page as your scans begin.
+<!-- vale on -->
+
+</TabItem>
+
+<TabItem value='gh'>
 
 ### Prerequisites
 
 Admin access to your GitHub organization.
 
+### Requirements
+
+To enable and use this feature, you must grant Semgrep **Read access** to your code. Steps are provided in [Add repositories to Semgrep Managed Scans](#add-repositories-to-semgrep-managed-scans).
+
+Read access is permitted through a private Semgrep app that you create and register yourself. See [Managed Scans > Security](/deployment/managed-scanning/overview#security) for more information on how Semgrep handles your code.
+
 ### Add a repository
 
 <!-- vale off -->
@@ -63,14 +92,14 @@ Admin access to your GitHub organization.
 </TabItem>
 <TabItem value='gl'>
 
-### Requirements
-
-Read access is granted through an access token that you generate on GitLab. You can provide this token by [adding GitLab as a source code manager](/deployment/connect-scm).
-
 ### Prerequisites
 
 Admin access to your GitLab organization.
 
+### Requirements
+
+Read access is granted through an access token that you generate on GitLab. You can provide this token by [adding GitLab as a source code manager](/deployment/connect-scm).
+
 ### Add a repository
 
 <!-- vale off -->
