Azure DevOps

Note: Azure DevOps integrations require a Pro plan. If you haven't upgraded yet, please upgrade your plan here.

This guide explains how to prepare your Azure DevOps environment so SolidityScan can scan your repositories.

Prerequisites

Before connecting SolidityScan to Azure DevOps, complete the steps below in order.

Step 1 - Create User in Microsoft Entra (Azure AD)

Create a dedicated service user for SolidityScan integration.

1. Open Microsoft Entra Admin Center: https://entra.microsoft.com

2. Navigate to: Users → New user → Create new user

3. Create a dedicated user, for example: [email protected]

IMPORTANT: The account used to connect Azure DevOps must be an Entra (Azure AD) work user, not a personal Microsoft account.

Also ensure:

• User type = Member (not Guest)

• This user will later appear inside Azure DevOps automatically once invited

Step 2 - Add User to Azure DevOps Organization

Add the Entra user into your Azure DevOps organization.

1. Open your Azure DevOps organization: https://dev.azure.com/YOUR_ORG

2. Navigate to: Organization Settings → Users → Add users

3. Add the Entra user you created.

CRITICAL: Access Level must be Basic.

When adding the user, use these settings:

Do not select Stakeholder - this access level will cause integration failures.

Step 3 - Give Project Access

Grant the service user access to the specific project.

1. Navigate to: Project Settings → Permissions → Contributors group

2. Click: Members → Add → Add the user

This grants project-level access to the SolidityScan service user.

Step 4 - Give Repository Permissions

VERY IMPORTANT: This step is commonly missed and will cause scan failures even when OAuth is working.

1. Navigate to: Project Settings → Repositories → Your Repository → Security

2. Search for and add the user: [email protected]

3. Set the following permissions to Allow:

Minimum requirement: Repo Read access must be allowed. Without repo permission, OAuth works but repo APIs return 401 Unauthorized.

Step 5 - Allow Third-Party OAuth Apps

1. Navigate to: Organization Settings → Policies

2. Enable: Allow third-party application access via OAuth

This allows SolidityScan to authenticate and access Azure DevOps on behalf of the connected user.

Step 6 - Connect Azure DevOps in SolidityScan

In the SolidityScan application:

1. Log in to SolidityScan

2. Go to Integrations

3. Click Connect Azure DevOps

4. Log in using the Entra user created in Step 1

5. Accept the required permissions

Step 7 - Final One-Time Authorization

After connecting, open your Azure DevOps organization at least once in a browser:

https://dev.azure.com/YOUR_ORG

This completes the OAuth authorization flow.

Where Will the User Appear?

After setup, the service user exists in two places:

Both are required for a successful integration.

Common Errors and Causes

Final Checklist

Before connecting SolidityScan, confirm all of the following:

• Entra user created as a work account (not personal Microsoft account)

• User added to Azure DevOps Organization

• Access Level set to Basic

• User added to Contributors group in Project Settings

• User added to Repository Security with Read permission