Azure Pipelines

ZeroThreat integrates with Azure Pipelines to help you automatically scan your applications for vulnerabilities as part of your CI/CD process. This ensures you catch security issues early, before code is deployed to production.

In this guide, we’ll walk through how to set up the integration using a basic example. You can follow along with the example, or customize the steps to fit your own Azure DevOps workflow.

Prerequisites

Before you begin:

  • Make sure your target is verified in ZeroThreat.
  • You have an Azure DevOps project with pipeline permissions.
  • You’re familiar with the basics of Azure and Azure Pipelines.
  • Your source code repository is connected to Azure (e.g., GitHub, Bitbucket, or Azure Repos).

Step 1: Enable Azure Pipelines Integration in ZeroThreat

  1. Navigate to the Targets section in ZeroThreat.
  2. Click on the "Continuous Integration" button for your desired target.
  3. In the CI/CD settings drawer, enable Azure Pipelines integration and confirm.

Once confirmed, a unique ZT_TOKEN will be generated. This token is used to start scans for its associated target from the CI/CD pipeline.

Step 2: Choose Scan Settings

  1. Select or create a Scan Profile suitable for your environment.
  2. If you're scanning authenticated sections of your app, select the appropriate Login Template for authenticated scans.
Make sure to select an appropriate, working Login Template for the authenticated scan.

Step 3: Open the Azure Pipelines Marketplace

Click on the Azure Pipelines icon in ZeroThreat to open the Azure DevOps Marketplace, where you’ll find the official ZeroThreat AI DAST Scanner.

Step 4: Create a Pipeline in Azure DevOps

  1. Open your Azure DevOps Project.
  2. Go to Pipelines → Create Pipeline.
  3. In this guide, we’ll use the Classic Editor for setup clarity. Choose your project source, connect your repository, and select the relevant branch or build definition.
  4. When prompted to choose a template, you can select a recommended one or click “Empty Job” to build from scratch.

Step 5: Configure the Agent Job

  1. Create a new Agent Job and name it.
  2. Select an Agent Pool and Agent Specification (e.g., ubuntu-latest or your default pool).
  3. Click “Save and Queue” to create the pipeline structure.

Step 6: Add the ZeroThreat Scan Task

  1. Search for ZeroThreat AI DAST Scanner in the task list.
  2. Add it to the Agent Job.
  3. Provide your ZT_TOKEN (the one generated in ZeroThreat).
  4. Set Wait for Analysis to true or false:
    • false (default): The scan starts and the pipeline moves on.
    • true: The pipeline waits for the scan to complete before proceeding.
Best Practice:
Store your ZT_TOKEN securely in Azure DevOps as a pipeline variable or secret to avoid exposing it in your build logs or version control.

Step 7: Run the Pipeline

  1. Once everything is configured, click “Save and Queue”.
  2. The Agent Job will start, and you'll see the scan triggered in real time in your ZeroThreat dashboard.


Customizing Your Integration

The above setup is a basic example using a manual trigger and the classic editor, but you can easily customize it to fit your workflow:

  • Trigger scans automatically on every push, pull request, or tag
  • Schedule scans at regular intervals using cron expressions
  • Include scan stages in larger workflows for build → test → security → deploy pipelines

This flexibility ensures you can integrate security testing exactly when and where it makes sense in your CI/CD process.
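
The customizations listed above, written as a YAML pipeline instead of the Classic Editor. This is an added example, not ZeroThreat's published configuration: the task reference is a placeholder, and the input names `ZT_TOKEN` and `waitForAnalysis` are assumed from the field labels in Step 6.

```yaml
# azure-pipelines.yml (illustrative; task name and input names are assumptions)
trigger:
  branches:
    include: [main]          # scan on every push to main
  tags:
    include: ['v*']          # and on release tags

pr:                          # YAML PR triggers apply to GitHub/Bitbucket repos;
  branches:                  # Azure Repos uses branch policies instead
    include: [main]

schedules:
  - cron: '0 2 * * 1'        # 02:00 UTC every Monday
    displayName: Weekly DAST scan
    branches:
      include: [main]
    always: true             # run even when there are no new commits

pool:
  vmImage: ubuntu-latest

stages:
  - stage: Build
    jobs:
      - job: build
        steps:
          - script: echo "build and unit tests go here"
  - stage: Security
    dependsOn: Build
    jobs:
      - job: dast
        steps:
          # Placeholder: copy the real task name and version from the task
          # assistant after installing the Marketplace extension.
          - task: ZeroThreatScanTaskPlaceholder@0
            inputs:
              ZT_TOKEN: $(ZT_TOKEN)   # secret pipeline variable, never a literal
              waitForAnalysis: true   # Deploy starts only after the scan completes
  - stage: Deploy
    dependsOn: Security
    jobs:
      - job: deploy
        steps:
          - script: echo "deployment goes here"
```

Secret variables are masked in logs and, by default, are not made available to builds of pull requests from forks, so a fork PR run of the Security stage will not receive the token.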