Azure | Software Quality
Caching your Node modules in Azure DevOps 
Riccardo Corradin 23 Aug, 2019
Share 
GitHub Advanced Security for Azure DevOps (GHAzDo) builds on top of the functionality for GitHub Advanced Security and is giving you extra security tools to embed into your developer way of working. It’s a great way to get started with security in your Azure Pipelines and Azure repos and I’ve written about it before in this blogpost.
Loading the alerts from the API’s
Before starting with the Advanced Security API’s you’ll need to get the ID for the repository you are working with. You’ll need to have the project name and the repository name itself. With that you can make this API call:
https://dev.azure.com/<PROJECT NAME>/_apis/git/repositories?api-version=7.1-preview.1
It will return you the list of repos the token you are using has access to. The repo object will look like this:
<span class="p">{</span><span class="w">
</span><span class="nl"> "id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"5e5195e1-1b44-4d4b-9310-5d33ee2c4dc"</span><span class="p">,</span><span class="w">
</span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"eShopOnWeb"</span><span class="p">,</span><span class="w">
</span><span class="nl">"url"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://dev.azure.com/raj-bos/3651f6f0-74e5-48d7-8ff9-d62ae2464b1/_apis/git/repositories/5e5195e1-1b44-4d4b-9310-5d33ee2c4dc"</span><span class="p">,</span><span class="w">
</span><span class="nl">"project"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w">
</span><span class="nl">"id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"3651f6f0-74e5-48d7-8ff9-d62ae2464b1"</span><span class="p">,</span><span class="w">
</span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"GHAzDo trial"</span><span class="p">,</span><span class="w">
</span><span class="nl">"url"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://dev.azure.com/raj-bos/_apis/projects/3651f6f0-74e5-48d7-8ff9-d62ae2464b1"</span><span class="p">,</span><span class="w">
</span><span class="nl">"state"</span><span class="p">:</span><span class="w"> </span><span class="s2">"wellFormed"</span><span class="p">,</span><span class="w">
</span><span class="nl">"revision"</span><span class="p">:</span><span class="w"> </span><span class="mi">141</span><span class="p">,</span><span class="w">
</span><span class="nl">"visibility"</span><span class="p">:</span><span class="w"> </span><span class="s2">"private"</span><span class="p">,</span><span class="w">
</span><span class="nl">"lastUpdateTime"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2023-07-26T18:51:26.227Z"</span><span class="w">
</span><span class="p">},</span><span class="w">
</span><span class="nl">"defaultBranch"</span><span class="p">:</span><span class="w"> </span><span class="s2">"refs/heads/main"</span><span class="p">,</span><span class="w">
</span><span class="nl">"size"</span><span class="p">:</span><span class="w"> </span><span class="mi">62610330</span><span class="p">,</span><span class="w">
</span><span class="nl">"remoteUrl"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://raj-bos@dev.azure.com/raj-bos/GHAzDo%20trial/_git/eShopOnWeb"</span><span class="p">,</span><span class="w">
</span><span class="nl">"sshUrl"</span><span class="p">:</span><span class="w"> </span><span class="s2">"git@ssh.dev.azure.com:v3/raj-bos/GHAzDo%20trial/eShopOnWeb"</span><span class="p">,</span><span class="w">
</span><span class="nl">"webUrl"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://dev.azure.com/raj-bos/GHAzDo%20trial/_git/eShopOnWeb"</span><span class="p">,</span><span class="w">
</span><span class="nl">"isDisabled"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w">
</span><span class="nl">"isInMaintenance"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w">
}</span>
From this you need the “id” field of the response. That can then be injected into the next API call:<a href="https://advsec.dev.azure.com/<PROJECT">https://advsec.dev.azure.com/<PROJECT</a> NAME>/<REPO NAME>/_apis/AdvancedSecurity/repositories/<REPO ID>/alerts?top=50&orderBy=severity&alertType=3&ref=refs/heads/main&states=1
The filtering options determine the response you will get back:
| Param | Description |
|---|---|
| top | The number of alerts you want to get back. |
| orderBy | The field you want to order the results by. |
| criteria.alertType | The type of alert you want to get back. 1 = Dependency, 2 = Secrets, 3 = Code scanning |
| criteria.ref | The branch you want to get the alerts for, only needed when looking at code scanning alerts |
| criteria.states | The state of the alerts you want to get back. 1 = Open, 2 = Closed |
You can also leave the alertType away from the url to get all alerts in one go. Do be aware that it will result in a different value for the alertType in the response, instead of the numbers listed in the table above:
- code: Code scanning alerts
- secret: Secret scanning alerts
- dependency: Dependency alerts
by Rob Bos
Rob has a strong focus on ALM and DevOps, automating manual tasks and helping teams deliver value to the end-user faster, using DevOps techniques. This is applied on anything Rob comes across, whether it’s an application, infrastructure, serverless or training environments. Additionally, Rob focuses on the management of production environments, including dashboarding, usage statistics for product owners and stakeholders, but also as part of the feedback loop to the developers. A lot of focus goes to GitHub and GitHub Actions, improving the security of applications and DevOps pipelines. Rob is a Trainer (Azure + GitHub), a Microsoft MVP and a LinkedIn Learning Instructor. 