Get Started with Qualys Web App Scanning Connector for Azure DevOps

Release v1.2.2

This document provides information about using the Qualys Web App Scanning Connector for Azure DevOps.

Here, we detail how to install and use the Qualys Web App Scanning Connector to view your Qualys WAS scan data in Azure DevOps.

The Qualys Web App Scanning Connector empowers DevOps teams to build application vulnerability scans into their existing CI/CD processes. By integrating scans in this manner, application security testing is accomplished earlier in the SDLC to catch and eliminate security flaws. The plugin can be configured to fail or pass the builds based on the vulnerabilities detected.

Prerequisites

To configure Qualys Web App Scanning Connector for Azure DevOps, the following prerequisites must be met:

• The current version of the Web App Scanning Connector supports only Azure DevOps Services. You can use self-hosted agents or Microsoft agents.
• You must have valid account credentials for an active Qualys WAS subscription. The account must have API access enabled and a role assigned with all necessary permissions.
• You have preconfigure the web application, option profile, and authentication record in your Qualys WAS account so that the plugin populates them in the respective fields on the configuration form.

Quick Start Steps

1. Install the Plugin from Azure DevOps marketplace
2. Upgrade Plugin
3. Configure Plugin

Additional Resources

• For information on using the Web Application Scanning UI to monitor vulnerabilities in web applications, refer to the Qualys Web Application Scanning User Guide.
• For information on using the Web Application Scanning API, refer to the Web Application Scanning API User Guide.