Release Notes

Version 1.0.2

February 05, 2026

Support for Custom and System Fields

This release introduces support for mapping and passing additional fields to downstream Azure DevOps work items. Both custom and predefined Azure DevOps system fields can now be configured for ticket creation. A new configuration option in the plugin UI accepts field values in JSON format, enabling greater flexibility in defining work item data.

The connector processes the provided JSON input and maps key-value pairs directly to corresponding Azure DevOps fields. Field mapping requires the Azure DevOps field reference name as the JSON key and the desired value as the input.

Example JSON configuration

{
  "Custom.BugFoundIn": "Sprint1",
  "custom.Efforts": 3,
  "Microsoft.VSTS.TCM.ReproSteps": "NA"
}

For more details, refer to Configure Plugin for Build Pipelines Projects.

Version 1.0.1

November 25, 2025

Support for Additional Pipeline Types

In the release, we have added support for 'Release pipelines' and 'YAML pipelines', in addition to existing Build pipeline support. This enables expanded compatibility across various CI/CD workflows.

For more details about Configuration, refer to Configure Plugin.

Updated Work Item Issue Type  

The connector will now create remediation tickets as 'Bug' work items instead of 'Task', ensuring better alignment with vulnerability and defect tracking workflows. Severity-based prioritization remains supported, and status transitions continue to work across all Azure DevOps process models, including CMMI, Scrum, and Agile.

Version 1.0.0

August 28, 2025

We are introducing a new TotalAppSec extension that integrates Qualys TotalAppSec (TAS) with Azure DevOps. This extension automatically creates and updates work items in Azure DevOps for TAS findings, enabling security and development teams to collaborate within their existing workflows.

Each work item includes key details such as finding ID, QID, severity, category, source, vulnerability information, application context, finding score, and results. These fields provide the necessary context to prioritize, investigate, and remediate issues efficiently.

This integration reduces manual effort by automating ticket creation, ensures up-to-date visibility of vulnerabilities, and helps teams align remediation activities with sprints and releases.

The extension supports cloud-based Azure DevOps environments and provides a reliable, one-way flow of data from TotalAppSec to Azure DevOps, with TotalAppSec serving as the single source of truth for vulnerability data.

 

© 2026 Qualys, Inc. All rights reserved. Privacy Policy. Last updated: February, 2026