
# Azure DevOps Extension for Sec1 Container Image Scanner

## Introduction

Integrating the Sec1 Container Image Scanner plugin as an Azure DevOps extension allows developers and teams to enhance the security of their software projects by scanning container images for open-source vulnerabilities against the Sec1 Security Database. This documentation provides a step-by-step guide to integrating the Sec1 Container Image Scanner Extension into your Azure CI/CD pipelines.

## Prerequisite

* [Set up your pipeline](https://learn.microsoft.com/en-us/azure/devops/pipelines/create-first-pipeline?view=azure-devops&tabs=java%2Ctfs-2018-2%2Cbrowser)

## Integration Steps

1. [Install the Sec1 Container Image Extension](#1-install-the-sec1-security-plugin)
2. [Configure API Token](#2-configure-an-scm-access-token)
3. [Configure Sec1 Container Image Scanner as a Build Step](#3-configure-sec1-security-as-a-build-step)
4. [Configuration Parameters](#4-configuration-parameters)

## 1. Install the Sec1 Security Plugin

* Go to Azure DevOps Marketplace (<https://marketplace.visualstudio.com>).
* Search for `Sec1` and click on `Sec1 Container Image Scanner` to visit the plugin page.
* Click on "Get it free", select the "Azure DevOps organization" where you would like to install it, and click "Install".
* Once installation is complete, click "Proceed to organisation".

## 2. Configure API Token

Configure the API token as a Generic service connection:

* Go to your "Project" > "Project Settings".
* Click "Service Connections" under the Pipelines section.
* Click "New service connection".
* Search for "Generic" and click "Next".
* Enter the following configuration:

  * Server URL - The default value is <https://api.sec1.io>. If you are using the SaaS service, leave it blank; otherwise provide the appropriate value.
  * Username - Optional, as Sec1 Security uses the API token for authentication.
  * Password/Token Key - Provide the SecAPI Security API Token.
  * Service connection name - Provide an appropriate service connection name (e.g. Sec1SecurityServiceConnection).
  * Description - This field is optional, but you can provide an appropriate description.

  Note: To get the `SecAPI Security API Token`, navigate to [Scopy](https://scopy.sec1.io/) > "Login with GitHub" > "Settings". In the "API key" section, click on "Generate API key" and copy it for use.

> <details>
>
> <summary>📷 Show Preview</summary>
>
> <img src="https://digitalassets.sec1.io/sec1-generic-connection.png" alt="Sec1 Generic Connection" data-size="original">
>
> </details>

## 3. Configure Sec1 Security Extension as a Build Step

* Navigate to the "Pipelines" section in your project.
* Click on "Edit".
* Search for `Sec1 - Container Image Scanner` in the tasks search box and select the result.
* In the dropdown, select the service connection that you added as a Generic service connection.
* Enter the location of the package file (pom.xml or package.json) if it is in a nested folder; otherwise leave it blank. If left blank, the file is located in the current folder of the repo.
* Click "Add".

> <details>
>
> <summary>📷 Show Preview</summary>
>
> <img src="https://digitalassets.sec1.io/sec1-build-step.png" alt="Sec1 Container Image Scanner Build Task" data-size="original">
>
> </details>

You can also copy the snippet below directly into your pipeline YAML file.

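```yaml
- task: Sec1ContainerImageScanner@1
  inputs:
    # Generic service connection that stores the API token (section 2)
    serviceConnection: 'Sec1 API Key'
    dockerRegistryServiceConnection: 'Public Docker'
    # Image to scan: repository and tag
    containerRepository: 'xxx/docker-gs'
    tag: '$(Build.BuildId)'
    # Per-severity vulnerability thresholds (section 4)
    critical: '2'
    high: '5'
    medium: '10'
    low: '20'
```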
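
The snippet above in the context of a full pipeline, as an added example that is not Sec1's own code: the image is built and pushed with the standard `Docker@2` task, then scanned under the same repository and tag so the threshold gate applies to the artifact that was just produced. The trigger branch, pool image, variable names and Dockerfile path are assumptions, as is the expectation that the scanner resolves the image through the registry connection it is given.

```yaml
# Added example: build, push, then scan the same image reference.
trigger:
  - main                      # assumed branch name

pool:
  vmImage: 'ubuntu-latest'    # assumed Microsoft-hosted agent

variables:
  imageRepository: 'xxx/docker-gs'   # placeholder repository from the snippet above
  imageTag: '$(Build.BuildId)'       # unique per run, so the scan cannot hit a stale tag

steps:
  - task: Docker@2
    displayName: 'Build and push image'
    inputs:
      command: 'buildAndPush'
      containerRegistry: 'Public Docker'      # Docker registry service connection
      repository: '$(imageRepository)'
      Dockerfile: '$(Build.SourcesDirectory)/Dockerfile'   # assumed path
      tags: |
        $(imageTag)

  - task: Sec1ContainerImageScanner@1
    displayName: 'Scan image with Sec1'
    inputs:
      serviceConnection: 'Sec1 API Key'       # Generic service connection holding the API token
      dockerRegistryServiceConnection: 'Public Docker'
      containerRepository: '$(imageRepository)'
      tag: '$(imageTag)'
      critical: '2'
      high: '5'
      medium: '10'
      low: '20'
```

Referencing the repository and tag through shared variables keeps the build step and the scan step from drifting apart when either value changes.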

## 4. Configuration Parameters

### Configure the following parameters in the "Sec1 Security Settings" while adding the extension to the build step:

* `Enable the Threshold Check` (optional): If selected, define your vulnerability threshold levels by "Severity". The default values for Critical and High are 0 and 10 respectively.
  * If you set the critical vulnerability threshold to 10, your build will fail if more than 10 critical vulnerabilities are found in the scan.
  * Choose actions for the breach: Fail or Continue.

## Troubleshooting

To see more information on your steps:

* View the "Console Output" for a specific build.

***

\-- Sec1 Security team


