Get Started with Qualys Web App Scanning Connector for Azure DevOps

Release v1.3.1

This document provides information about using the Qualys Web App Scanning (WAS) Connector for Azure DevOps.

Here, we detail how to install and use the Qualys Web App Scanning Connector to view your Qualys WAS scan data in Azure DevOps.

The Qualys Web App Scanning Connector empowers DevOps teams to build application vulnerability scans into their existing CI/CD processes.
This approach is more effective than traditional 'bolt-on' security testing because it catches issues earlier in the Software Development Life Cycle (SDLC) process and eliminates security flaws. Based on the vulnerabilities detected, the plugin can be configured to fail or pass the builds.

Prerequisites

The following prerequisites must be met:

• The current version of the Web App Scanning Connector supports only Azure DevOps Services. You can use self-hosted agents or Microsoft agents.
• You must have valid account credentials for an active Qualys WAS subscription. The account must have API access and a role assigned with all the required permissions.
• You have pre-configured web applications, an option profile, and an authentication record in your Qualys WAS account so that the plugin populates them in the respective fields on the configuration form.

Quick Start Steps

1. Install the Plugin from Azure DevOps marketplace
2. Upgrade Plugin
3. Configure Plugin

Additional Resources

• For information on using the Web Application Scanning UI to monitor vulnerabilities in web applications, refer to the Qualys Web Application Scanning User Guide.
• For information on using the Web Application Scanning API, refer to the Web Application Scanning API User Guide.