Troubleshooting

Go through the following solutions to troubleshoot the errors:

You entered valid Qualys credentials, but the drop-down menu to select a Web application, Authentication Record Name, or Profile Name is empty or does not show the desired values.

Verify that the Qualys account provided has a proper role or scope to access the web application you wish to scan, the auth record, or the option profile you want to use. Ensure the account has been set up to meet the required roles and scope.

When Azure DevOps users with 'Build Administrator' or any equivalent permission log in, the web application drop-down is not populating even when web applications are present on the respective Qualys account.

Developer tool Error: "You do not have permission to perform this operation on the service connection. An Endpoint Administrator should add you to the Endpoint Readers group of this service connection."

Solution:

The error occurred because the logged-in Azure user may not have permission to consume/use the service connection configured in the Qualys WAS task.

The issue can be resolved by assigning the 'USER' role to the respective Azure user for configuring service connection. This needs to be done by the Endpoint administrator (the creator of the service connection is automatically assigned with this role).

1. Navigate to Project Settings > Service Connection > Open the Service Connection entry.
2. Go to the more actions at the top-right corner and choose Security.
3. Under User Permissions, add the Azure user and assign the role 'User'

Ref. - https://docs.microsoft.com/en-us/azure/devops/pipelines/library/service-endpoints?view=azure-devops&tabs=yaml#secure-a-service-connection