Qualys Enterprise TruRisk Management Finding Connector

Release v1.0.0

This guide explains how to install and use the Qualys ETM Finding Connector, which allows you to view your Qualys ETM finding data in Azure DevOps. 

The Qualys ETM Finding Connector app enables DevOps teams to integrate application findings into their existing CI/CD processes.

Features

The Qualys ETM Finding Connector offers the following functionality.

• Automatic Ticket Creation: Automatically creates Azure DevOps work items based on ETM detections to streamline tracking and remediation.

• Supported Work Item Types: Supports creating Task (default) and Bug work items in Azure DevOps.

• QQL-Based Filtering: Supports Asset QQL and Findings QQL to precisely control which ETM detections are processed and sent to Azure DevOps.

• OIDC Support: Supports OpenID Connect authentication (OIDC).
   

How it Works?

Prerequisites

To configure Qualys ETM Finding Connector for Azure DevOps, the following prerequisites must be met:

• You must have valid account credentials for an active Qualys ETM subscription. Ensure the account has API access enabled and a role assigned with all necessary permissions.

• An Azure DevOps Personal Access Token (PAT) is necessary, with permissions to Read, Write, and Manage work items, for securely authenticating and authorizing access when creating work items via the API. 

• OpenID Connect API authentication support must be enabled for your subscription.
  Contact Qualys Support to request activation of OpenID Connect API authentication for your subscription. For more details, refer to Onboarding OpenID Connect.
   

Quick Start Steps

1. Install the Plugin
2. Configure Plugin