Skip to main content

Connecting Azure DevOps to Your Application

You will create a Personal Access Token (PAT) in your Azure DevOps organization and configure it in Plexicus to scan your Git repositories and manage pull requests.

Prerequisites

  • Azure DevOps account with an active organization
  • At least one Git repository in your organization
  • Permissions to create Personal Access Tokens in your organization

Steps

1. Access the Connectors page

Log in to your Plexicus account and navigate to IntegrationsConnectors.

2. Select Azure DevOps

In the SCM section, locate the Azure DevOps card and click Configure.

3. Create a Personal Access Token in Azure DevOps

On your Azure DevOps organization:

  1. Click your profile icon (top-right corner)
  2. Select Personal access tokens
  3. Click New Token
  4. Fill in the token details:
    • Name: plexicus (or a descriptive name)
    • Organization: Select your organization
    • Expiration: Set an expiration date (e.g., 1 year)
  5. Under Scopes, select the following:
    • Code (read)
    • Pull Request Threads (read & write) — required for creating and updating PRs
    • Work Items (read)
  6. Click Create Token
  7. Copy the token immediately — you won't see it again

4. Provide credentials to Plexicus

In the Plexicus Azure DevOps connector form:

  • Personal Access Token: Paste the token you just created
  • Azure DevOps URL (if self-hosted): Leave blank for cloud (https://dev.azure.com), or enter your on-premises TFS/Azure DevOps Server URL (e.g., https://tfs.yourcompany.com)

5. Test the connection

Click Test Connection to verify connectivity.

6. Save and finalize

Click Save or Connect. Plexicus will discover your projects and repositories.

Verify

In Plexicus, go to Assets and check that your Azure DevOps repositories appear in the list. You can now create scans against them.

TFVC Support

Plexicus can also scan Team Foundation Version Control (TFVC) repositories under the same Azure DevOps organization using the same Personal Access Token.

Connecting a TFVC repository

When adding a TFVC repository in Plexicus:

  1. In Assets, click Add Application or Add Repository
  2. Select Azure DevOps / TFVC as the SCM type
  3. Provide the TFVC project URL in the format: https://dev.azure.com/{org}/{project}/_versionControl (or your on-premises equivalent)
  4. In the Branch field, specify the TFVC scope path:
    • $/{Project} for the project root (default)
    • $/{Project}/SubPath for a subdirectory
  5. Click Connect

TFVC limitations

  • No pull requests: TFVC does not support pull requests. Remediation via pull requests is not available; use work items instead.
  • Snapshot-based analysis: TFVC repositories are materialized as git snapshots for scanning. Plexicus does not write changes back to TFVC.
  • Changeset workflow: Use Azure DevOps work items to track and manage fixes instead of pull requests.

Troubleshooting

"Connection failed" / "Unauthorized"

  • Verify the Personal Access Token is correct and has not expired
  • Confirm the token has the required scopes (Code (read), Pull Request Threads (read & write))
  • For on-premises, check the Azure DevOps Server URL is correct and reachable

Repositories or projects don't appear

  • Ensure the token is scoped to the correct organization
  • Verify you have at least one repository or TFVC project in your organization
  • If using TFVC, ensure the project URL format is correct

TFVC: "Invalid scope path"

  • Ensure the branch/scope path follows TFVC conventions: $/{Project} or $/{Project}/SubPath
  • Verify the scope path exists in your TFVC repository

Next Steps

You can now create applications using Azure DevOps Git or TFVC repositories. See Creating and managing applications to get started.