add docs for ADO SMS #1910
Open
add docs for ADO SMS #1910
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
✅ Don't forget to add
|
| Name | Link |
|---|---|
| 🔨 Latest commit | 7a804d4 |
| 🔍 Latest deploy log | https://app.netlify.com/sites/semgrep-docs-prod/deploys/678a6cc1c4f8f400089c3651 |
| 😎 Deploy Preview | https://deploy-preview-1910--semgrep-docs-prod.netlify.app |
| 📱 Preview on mobile | Toggle QR Code...Use your smartphone camera to open QR code link. |
To edit notification comments on pull requests, go to your Netlify site configuration.
khorne3
commented
Jan 16, 2025
khorne3
commented
Jan 16, 2025
s-santillan
reviewed
Jan 17, 2025
| ## Prerequisites and permissions | ||
|
|
||
| - Semgrep Managed Scanning requires repositories hosted by Azure DevOps Services. It currently doesn't support Azure DevOps Server. | ||
| - Semgrep recommends setting up and configuring Semgrep Managed Scanning with an Azure DevOps service account instead of a personal account. Regardless of whether you use a personal or service account, the account must be assigned the **Owner** or **Project Collection Administrator** role for the organization. |
There was a problem hiding this comment.
Suggested change
| - Semgrep recommends setting up and configuring Semgrep Managed Scanning with an Azure DevOps service account instead of a personal account. Regardless of whether you use a personal or service account, the account must be assigned the **Owner** or **Project Collection Administrator** role for the organization. | |
| - Semgrep recommends setting up and configuring Semgrep Managed Scanning with an Azure DevOps service account, not a personal account. Regardless of whether you use a personal or service account, the account must be assigned the **Owner** or **Project Collection Administrator** role for the organization. |
Suggesting "not" for emphasis.
s-santillan
reviewed
Jan 17, 2025
| - Semgrep Managed Scanning requires repositories hosted by Azure DevOps Services. It currently doesn't support Azure DevOps Server. | ||
| - Semgrep recommends setting up and configuring Semgrep Managed Scanning with an Azure DevOps service account instead of a personal account. Regardless of whether you use a personal or service account, the account must be assigned the **Owner** or **Project Collection Administrator** role for the organization. | ||
| - During setup and configuration, you must provide a personal access token generated by the account. This token must be granted the **Project and Team: Read & write** scope. | ||
| - Once you have Managed Scanning fully configured, you can update the token to one with a more limited scope, specifically **Project and Team: Read**. |
There was a problem hiding this comment.
Suggested change
| - Once you have Managed Scanning fully configured, you can update the token to one with a more limited scope, specifically **Project and Team: Read**. | |
| - Once you have Managed Scanning fully configured, you can update the token to **Project and Team: Read**, a more limited scope. |
Just being more direct with the token scope. Feel free to ignore.
s-santillan
reviewed
Jan 17, 2025
| - During setup and configuration, you must provide a personal access token generated by the account. This token must be granted the **Project and Team: Read & write** scope. | ||
| - Once you have Managed Scanning fully configured, you can update the token to one with a more limited scope, specifically **Project and Team: Read**. | ||
|
|
||
| ## Enable Managed Scanning and scan your first repository |
There was a problem hiding this comment.
Suggested change
| ## Enable Managed Scanning and scan your first repository | |
| ## Enable Managed Scans and scan your first repository |
s-santillan
reviewed
Jan 17, 2025
| 1. In Semgrep AppSec Platform, click **<i class="fa-solid fa-folder-open"></i> Projects**. | ||
| 2. Click **Scan new project > Semgrep Managed Scan**. | ||
| 3. Select **Azure Devops** as your source code manager. | ||
| 4. On the **Add to Azure DevOps Pipeline** page, provide the following information, then click **Connect** to proceed: |
There was a problem hiding this comment.
Suggested change
| 4. On the **Add to Azure DevOps Pipeline** page, provide the following information, then click **Connect** to proceed: | |
| 4. On the **Add to Azure DevOps Pipeline** page, provide the following information: |
s-santillan
reviewed
Jan 17, 2025
| 4. On the **Add to Azure DevOps Pipeline** page, provide the following information, then click **Connect** to proceed: | ||
| 1. Your **Access token**. See [User personal access tokens](https://learn.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate) for token generation information. Ensure you set the Azure DevOps SCM name to `organization_name/project_name`. | ||
| 2. The name of your **Azure DevOps Project**. | ||
| <!-- vale on --> |
There was a problem hiding this comment.
Suggested change
| <!-- vale on --> | |
| 5. Click **Connect** to proceed. | |
| <!-- vale on --> |
Making Connect its own step so that people don't miss it.
s-santillan
reviewed
Jan 17, 2025
| If you plan to continue running some scans in Azure DevOps Pipelines (for example, using Managed Scans to run weekly full scans but Pipelines for diff-aware scans) you can leave the workflow file in place, and edit it to reflect your desired configuration. | ||
|
|
||
| :::tip | ||
| Semgrep preserves your findings, scans, and triage history. |
There was a problem hiding this comment.
So important. Thanks for calling this out.
s-santillan
reviewed
Jan 17, 2025
|
|
||
| <ScanWithSms /> | ||
|
|
||
| ## Disable webhooks |
There was a problem hiding this comment.
If they disable the webhooks, that disables managed scanning then, right?
s-santillan
reviewed
Jan 17, 2025
|
|
||
| ### Scan logs | ||
|
|
||
| #### Most recent scan |
There was a problem hiding this comment.
I'm foreseeing a snippetified world when we have many of these SCMs.
s-santillan
approved these changes
Jan 17, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Preview
Please ensure