Azure Plugin

Contextual software security microtraining for Azure Boards work items, powered by the SecureFlag Knowledge Base.

This plugin adds a new page to work items that mention security vulnerabilities, with a recommended lab and information from the SecureFlag Knowledge Base. Each reply includes an overview of everything a developer needs to understand and remediate a given type of vulnerability, including example code!

Installation

Access the app on the Visual Studio Marketplace.

Click the Get it free button. From there, select the organization on which to install the plugin and click “Install”. The plugin is available for free.

Admin Settings

Azure DevOps administrators can configure:
  1. Match Work Item Title Only: Choose whether matching uses the work item title only, or the full title and description for broader context.
  2. AI Enhanced Matching: Enable AI-powered knowledge base matching for more accurate, context-aware results.

Accessing the Configuration

From the Azure DevOps organization home page, select Organization Settings (gear icon on the bottom left).
In the left pane, under Extensions, select SecureFlag KB Configuration.


Configuration Options

Match Work Item Title Only

  1. Match Title Only: Enable this toggle to limit matching to the work item title.

When the toggle is off, matching uses the full work item title and description. This is the default behavior.

AI Enhanced Matching

  1. Enable AI Enhanced Matching: Enable this toggle to activate AI-enhanced knowledge base matching.
  2. SecureFlag API Access Token: Enter the API access token generated in the SecureFlag Management Portal.

Note: The SecureFlag API Access Token must have only the Read knowledge base scope; a token with any other scope is rejected when the configuration is saved.


How to generate a SecureFlag API Access Token:
  1. Log in to SecureFlag as an Organization Admin. In the Management Portal, click the Settings icon in the top-right corner of the navigation bar.
  2. Scroll to the API Access Tokens section. Select Read knowledge base as the scope, then enter a name for the token and click Generate.
  3. Copy and save the token displayed in the modal, as it will not be shown again.

Saving the Configuration

After configuring your settings, click Save to apply the changes.

Usage

Simply mention a software vulnerability by name or CWE number in a work item, either in the title or body (depending on the configured matching settings), then open the SecureFlag page. Common abbreviations are also supported.



For example, each of the following work item texts is matched:

    "Hey, there's a SQLi vulnerability here. Please fix ASAP."

    "Thanks for spotting this. This pull request fixes the vuln mentioned in issue 123. CWE 89."

    "Hm, there is another sql injection vulnerability. Please audit all HTML forms."


All of the above lead to the same response: the SQL Injection entry from the SecureFlag Knowledge Base.
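To make the matching behaviour above concrete, here is an added example (not the plugin's own code) of a minimal matcher that recognises a vulnerability by name, common abbreviation or CWE number and honours the Match Work Item Title Only toggle. The knowledge base entries, alias table and the function names are constructed for illustration; the plugin's real matching rules and its AI Enhanced Matching are not described on this page.

```python
import re

# Constructed illustration of a few Knowledge Base entries keyed by CWE id.
# The real SecureFlag Knowledge Base and the plugin's matching rules are not
# on this page; only the idea (name, abbreviation or CWE number) is.
KB_ENTRIES = {
    89: {"title": "SQL Injection", "aliases": ["sql injection", "sqli"]},
    79: {"title": "Cross-Site Scripting", "aliases": ["cross-site scripting", "xss"]},
    22: {"title": "Path Traversal", "aliases": ["path traversal", "directory traversal"]},
}

# Accepts "CWE 89", "CWE-89" and "cwe89" (text is lower-cased before use).
CWE_RE = re.compile(r"\bcwe[-\s]?(\d{1,4})\b")


def match_work_item(title, description="", title_only=False):
    """Return the CWE ids of KB entries mentioned in a work item.

    title_only mirrors the "Match Work Item Title Only" toggle: when False
    (the documented default) the description is scanned as well.
    """
    text = title if title_only else f"{title}\n{description}"
    text = text.lower()
    found = set()

    # Explicit CWE numbers. A bare number such as "issue 123" is ignored
    # because the pattern requires the "cwe" prefix.
    for m in CWE_RE.finditer(text):
        cwe = int(m.group(1))
        if cwe in KB_ENTRIES:
            found.add(cwe)

    # Names and common abbreviations, anchored on word boundaries so a
    # short alias such as "xss" cannot fire inside an unrelated token.
    for cwe, entry in KB_ENTRIES.items():
        for alias in entry["aliases"]:
            if re.search(r"\b" + re.escape(alias) + r"\b", text):
                found.add(cwe)
                break
    return sorted(found)


def kb_titles(title, description="", title_only=False):
    """Human-readable KB titles for the matched entries, ordered by CWE id."""
    return [KB_ENTRIES[c]["title"]
            for c in match_work_item(title, description, title_only)]
```

With the three quoted texts above as input, every call returns the single CWE-89 entry; with the title-only toggle set, a mention that appears only in the description is not matched.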



Feedback

Want a new feature? Something not working right? We genuinely want to hear what you think! Please get in touch with us using our contact form.
