Configure Plugin for Build Pipelines Projects

You can use the Qualys ETM Finding Connector extension as a pre-deployment task in your project pipeline.

After installing the Qualys ETM Finding Connector, you can see this plugin as a task in your pipeline.

Before adding the plugin, you need to create the Classic Build Pipeline. For more details, refer to How to Create Classic Build Pipeline.

How to Create Classic Build Pipeline

To create a Classic Build Pipeline, perform the following steps:

Step 1: Enable the Classic Build Pipeline Option

By default, YAML pipelines are favoured, and the Classic editor may be disabled.

To enable the classic editor:

  1. Go to Organization Settings in Azure DevOps.

  2. Navigate to Pipelines > Settings.

  3. Ensure the Disable creation of classic build pipeline option is turned off, so that classic pipelines are not disabled.

The Use the classic editor option is displayed when creating a new pipeline.

Step 2: Create a Classic Build Pipeline

Once the feature is enabled, follow these steps:

  1. In your project, go to Pipelines and select New Pipeline.

  2. Choose Use the classic editor to create a pipeline without YAML.

  3. Select your source (for example, Azure Repos Git), repository, and branch.

  4. Choose a template or start with an Empty job.

Add Plugin

To add a plugin, perform the following steps:

  1. Under your agent job in the Tasks tab, click Add, and search for Qualys ETM Finding Connector.
  2. To add the plugin as a task in the build pipeline, click Add.
    After you click Add, the task gets added below the Agent Job. 

Configure Plugin

To configure the plugin, perform the following steps: 

  1. Below the Agent Job, click the task that you want to configure.


  2. Enter the Display name.  

  3. From the Type of Work Item dropdown, choose Bug or Task as required.

  4. Then, configure the ETM service endpoint. 

    To connect with ETM APIs, you need to configure the service endpoint using a Qualys account and, if necessary, a proxy on your Azure DevOps instance for the organization where the Qualys ETM Finding Connector is installed.

    To create work items through the API, you need a Personal Access Token (PAT) to securely authenticate your access to Azure DevOps.

    To configure service endpoints, perform the following steps:

    1. Go to the ETM service/server endpoint field and click New.
    2. In the New service connection window, enter the Qualys Gateway URL where your Qualys ETM account resides. For more information, refer to the Qualys Platform Identification page.

    3. Enter your account credentials for authenticating to the ETM API server.

    4. Provide an Azure DevOps Personal Access Token (PAT) with the required permissions of Read, Write, and Manage work items.

    5. Provide a Service connection name for the new connection.

    6. You can use this service connection in all pipelines in the same project by selecting the Security checkbox.

    7. Click Save.

      Once added, the ETM service endpoint is listed in the ETM service/server endpoint drop-down field.

      If your Azure DevOps instance does not have direct Internet access and requires a proxy, select the Use Proxy Settings check box, and enter the proxy server information.

  5. Configure Asset Level Filter - You can configure the asset-level query here; multiple assets can be configured using a comma-separated list (for example: asset.assetID=12345,34563). If the query is not configured, it will pull detections for all assets.

  6. Configure Finding Level Filter - The finding QQL is a required field. At least one QQL must be configured to detect findings.

  7. Timeout Setting

    The ETM connector may take 45 to 60 minutes to fetch the report. After the report is retrieved, the pipeline starts creating tickets based on the report data.
    However, the pipeline execution is currently timing out after 60 minutes due to the default timeout limit on Microsoft-hosted Azure DevOps agents.

    To avoid this issue, please take one of the following actions on your end:

    • Increase the pipeline or job timeout configuration to match the required execution time.
    • Use a self-hosted Azure DevOps agent, which does not have the 60-minute execution limit.
    • Purchase additional Azure DevOps hosted agent capacity if a longer execution time is required on Microsoft-hosted agents.
  8. Click Save and queue.