This extension integrates the Mobb Autofixer into your Azure DevOps pipeline, enabling automated security fixes for vulnerabilities detected in your source code. It simplifies the remediation process by analyzing SAST reports and providing fixes that you can easily commit back into your repository.
- Azure DevOps Services, or Azure DevOps Server 2022.2
- Runs Mobb Autofixer to analyze SAST reports from CodeQL, Snyk, Checkmarx, Fortify, SonarQube, Semgrep or Opengrep and generates a Mobb Fix Report Link.
- Easily integrates with Azure DevOps pipelines to scan and fix vulnerabilities automatically.
- Enhanced PR Workflow:
  - Supports Automatic PR and Direct Commits to apply fixes automatically.
  - Publishes Mobb Fix Report links in PR comments.
  - Displays fix details directly in PR comments when applicable.
- First, create a Mobb Service endpoint by going to Projects -> Services Connections -> New Connections -> Mobb Service Endpoint.
- In your pipeline task, search for and add the "Mobb Autofixer" task.
For a step-by-step tutorial on how to use this plugin, visit: https://docs.mobb.ai/mobb-user-docs/ci-cd-integrations/azure-devops
- Added support for "commit directly" functionality.
- Publishing of Mobb link in the PR comments: A direct link to the Mobb analysis results is now included in PR comments.
- Publishing of the directly committed fix in PR comments (if the context is a PR): When a fix is committed within a PR context, the details of the fix are automatically published in the PR comments.