
Azure Repositories Integration - Bot User PAT Permission Justification

This article explains the reasons behind the following requirements for installing the Azure Repository Integration:

  1. Full access rights for the Personal Access Token created for the bot user

  2. Administrator access for the bot user

The requirements are covered in this section of the dedicated article:

Install Mend for Azure Repos

Full Access rights for the Personal Access Token created for the bot user

A substantial part of the integration consists of posting check run statuses and comments on commits. These actions are all performed through APIs.
Azure does not provide separate permissions to control these actions, and therefore a full-access PAT is required.

Administrator access for the bot user

The admin privilege for the bot user is required only at the project level, not at the organization level. In addition, the bot user is given Project Administrator rights only for the projects that need to be scanned by Mend, inside the organizations that the user is added to. As a result, while the user may have admin access, that access is limited to the projects the user was given access to.

If vulnerablePullRequestStatus is set to none inside the .whitesource file, the bot user no longer needs administrative rights.

However, this setting will also imply that the commit status will not be updated by Mend at any time and no remediation pull requests will be created.

This approach is not recommended because it eliminates a large part of the core functionality.
