Skip to main content
Skip table of contents

Install Mend Developer Platform for Azure DevOps Repos

Overview

In this article, you will find step-by-step instructions for installing the Mend Developer Platform for Azure DevOps Repos.

Getting it done

Prerequisites

  • Access to an Azure DevOps Repos organization and a user with Admin privileges on the organization/project level, with Oauth enabled (see step 7 of this guide)

  • Mend Account with SCA/SAST entitlement on the Mend Platform

  • Admin Access to Mend Platform to generate Activation Key

  • The Azure DevOps Repos organization must allow Third-Party Access Via OAuth

  • If your organization has conditional access to certain IP addresses, please whitelist the following IPs:

Notes:

  • The prerequisites are not required to use Renovate within the Mend Developer Platform for Azure DevOps Repos.

  • The Azure DevOps user who will onboard the organization will be the one that will be used to create commit statuses, work items, and PRs from their own account. We recommend creating a bot-user solely dedicated to the integration with the Mend Developer Platform.

  • When an Azure Repos project is onboarded with a Mend License Key, this key will be applied to all other projects of this organization (including projects that were onboarded before this connection).

  • Mend License Key is used for the entire Azure Repos organization, and in order to change it, it’s required that the Azure Repos organization admin does that in the Organization Settings.

  • A GitHub.com token is recommended for running scans. Without it, GitHub release notes won’t be retrieved, which will result in a warning message.

Mend EU Environment

If you are a Mend customer working in our EU environment (saas-eu.mend.io), you will be able to link the integration to your Mend organization only if you use the Mend Developer Platform in the EU environment: https://developer-eu.mend.io/. By doing this, all of the org and user data that we process will stay in the EU zone.

Installing Mend Developer Platform for Azure DevOps Repos

For users who are migrating from the old Mend for Azure Repos integration, please refer to the instructions in our Migration Guide for Mend Developer Platform documentation.

  1. Log in to the Mend Developer Portal and authorize with your Azure DevOps user.

  2. Complete the Mend Registration step and click CONTINUE.

    image-20241009-222714.png
  3. After registration is completed, you’ll be navigated to the Mend Developer Platform main dashboard.

  4. Navigate to Integrations under the Settings toggle within the Mend Platform, then select the Azure Repos integration.

    image-20241009-223259.png
  5. Copy the Activation Key by clicking on Get Activation Key (this will be used in step #10).

    image-20241009-232702.png
  6. Click on “Install more” to install Mend Developer Platform in your Azure DevOps Repos project(s):

    image-20241009-215819.png
  7. Select the Azure DevOps Repos project(s) which you want to integrate Mend with and click CONTINUE.

    image-20241009-220547.png

Note: In order to view the available projects for onboarding, Oauth must be enabled in the Azure Devops environment. The toggle for enabling Oauth in Azure Devops is located at: Organization settings → Policies → Application connection policies → Third party application access via Oauth.

  1. A pop-up window will appear asking you to accept a redirection to Azure DevOps to authenticate and install the Mend integration for the selected project(s).
    Note: You will only need to complete this step once. The user's refresh token will also be used for future onboarding.

    image-20241009-220617.png
  2. The Setup Wizard will be shown to you, where two product options are going to be presented:
    (1) Renovate only. Automatic updates for open-source dependencies.
    (2) Mend Application Security (Mend license is required). Including Renovate, Open Source Security (Mend SCA), and Code Security (Mend SAST).

    image-20241009-220727.png
  3. To install the Mend Application Security, select this option and navigate to the Mend Platform to copy the Activation Key (as described in step #5). Then, paste the Mend Activation Key to connect your Azure DevOps organization with your paid Mend account.

    image-20241009-220958.png
  4. Click CONNECT PROJECT, and then CONTINUE. You’ll see the name of the Mend Organization to which your organization is now connected.

  5. Now you have the option to activate the Mend App for all repositories or only selected ones. Select your preference, and then click CONTINUE.

    image-20241009-221142.png

During the installation process, please note that the Mend Developer Platform app is installed for the entire project. This means that it will have access to all repositories within the project, regardless of the repositories selected during installation.
Selecting repositories at this step defines which will have the available engines enabled and activated.

  1. Choose the scan behavior of the installed Mend integration. You can choose one of these two options:
    (1) Scan only. Selected repositories will be scanned without checks, issues, and PRs being created. Scan results will still be available in the Developer Portal and Mend App.
    (2) Scan and alert. Selected repositories will be scanned with scan results presented in checks, issues, and PRs.

image-20241009-221237.png

Organization Settings

This is the page accessible to the Azure Repos Organization Admin, where you can link or unlink a connection to a Mend Organization.

When selecting CHANGE MEND ORG, a pop-up window will appear asking you to insert the new Mend License Key of the organization you would like to connect.

image-20241009-235520.png

Refresh Token

Mend uses the Refresh Token to create items in the repository on behalf of the onboarded user who installed the integration.

In case you are the user who onboarded projects with the Mend Developer Platform integration, you will find in your Profile Settings page the list of those projects.

Notes:

  • You can remove integration for specific projects or delete the refresh token. Note that removing the refresh token will cause all projects that were onboarded with this user to uninstall the integration. The same will happen if this user deletes their account on this page.

  • If you would like to pass the role of bot user to another user, you’ll need to uninstall all or selected projects, and then the new user should re-onboard them. In this case, the project's configuration and repos will be preserved, and the app will continue working under a new bot user.

image-20241009-235137.png
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.