Azure DevOps

Set up User Variables

Within Threatrix Threat Center

• Grab your OrgId and EntityId credentials from your profile

• Create and grab your API Key from your profile or admin dashboard at Admin -> Integration -> Service keys. When creating the Service Key, be sure to choose "Super Admin" for the role. Choosing permissions is unecessary.

Within Azure DevOps

• Navigate to Pipelines -> Library

• Click `+Variable Group` to add a new Variable Group

• Create a new Variable

• Set "Threatrix" for Variable group name

• Add the following Variable Names with values

  • THREATRIX_API_KEY: Your API Key from your profile or admin dashboard

  • THREATRIX_OID: Your organization ID from your profile

  • THREATRIX_EID: Your entity ID from your profile

• [OPTIONAL] Select Lock icon for each to convert to Secret variable

• From top menu, click "Save".

Variables Permissions

During your next build, you may see the following message requesting permissions to access your newly created Variable Group. Select "Permit" in order to allow the pipeline access to Threatrix variables necessary to perform the scan.

Installing Threat Agent

Threatrix Threat Agent requires that Java 11+ be pre-installed on the host machine.

Download and run the latest ThreatAgent in your pipeline

Add the following step to your azure-pipelines.yml file

- script: |
    curl -LJO https://github.com/threatrix/threat-matrix/releases/download/agent-release-latest/threat-agent-latest.jar
    java -jar threat-agent-latest.jar ./