This repository contains a comprehensive solution for exporting, storing, and visualizing Azure DevOps Advanced Security alerts across your entire organization. The solution includes a PowerShell script that uses Personal Access Token (PAT) authentication to query the Azure DevOps REST API, an Azure DevOps pipeline for automated execution, and a Power BI dashboard for data visualization.
- ✨ Features
- 🚀 Usage
- ⚙️ YAML Pipeline Setup
- 📊 Power BI Dashboard Setup
- 📋 Requirements
- 📄 Output
- 🔗 References
- Authenticates using Personal Access Token (PAT)
- Retrieves all projects and repositories in the organization
- Collects all Advanced Security alerts for each repository
- Handles paginated results using continuation tokens
- Exports the collected alert data to a CSV file
- Automated pipeline execution with Azure DevOps YAML pipeline
- Upload results to Azure Storage for centralized data management
- Pre-built Power BI dashboard for visualizing security alert trends and metrics
- Comprehensive reporting across multiple projects and repositories
- Create a Personal Access Token (PAT) in Azure DevOps with the required scopes (see Requirements section)
- Update the
$organizationvariable in the script to your Azure DevOps organization name - Update the
$patvariable in the script with your Personal Access Token - Run the script in PowerShell:
.\Export-Alerts.ps1 - The output will be saved as
All-ADO-Alerts.csvin the current directory.
To run this script in an Azure DevOps pipeline, create a variable group named Security-Alerts-Variables with the following variables:
| Variable Name | Description | Example Value |
|---|---|---|
adoPat |
Personal Access Token with required scopes | your-pat-token-here |
azureServiceConnection |
Azure service connection name | your-service-connection |
containerName |
Azure Storage container for output files | security-alerts |
organization |
Azure DevOps organization name | your-org-name |
outputCsvFile |
Name of the output CSV file | All-ADO-Alerts.csv |
storageAccountName |
Azure Storage account name | yourstorageaccount |
- Navigate to your Azure DevOps project
- Go to Pipelines > Library
- Click + Variable group
- Name it
Security-Alerts-Variables - Add all variables listed above with appropriate values
- Mark
adoPatas secret by clicking the lock icon - Save the variable group
Reference the variable group in your YAML pipeline:
variables:
- group: Security-Alerts-VariablesThe pipeline will:
- Execute the PowerShell script to export security alerts
- Upload the generated CSV file to the specified Azure Storage account container
- Use the Azure service connection for authentication to the storage account
A sample Power BI dashboard is provided in the dashboards folder as ADO - GHAzDO Report.pbix. This dashboard visualizes the exported security alerts.
- Open
ADO - GHAzDO Report.pbixin Power BI Desktop - Go to the Home tab and click Transform data
- In the Power Query Editor, select the
All-ADO-Alertsquery - Click Advanced Editor
- Update the blob storage account and container name in the source path to match your Azure Storage configuration
- Click Done and then Close & Apply to load the data
- Refresh the data to pull the latest alerts from your Azure Storage container
You can now use the dashboard to analyze and visualize your Azure DevOps Advanced Security alerts!
- Personal Access Token (PAT) with the following scopes:
- Advanced Security: Read
- Code: Read
- Project and Team: Read
- Sufficient permissions to access Azure DevOps REST APIs and Advanced Security alerts
All-ADO-Alerts.csv: Contains details of all security alerts, including project, repository, alert ID, title, severity, state, tool, and detection dates.
@jasonmoodie, @CalinL
These are just files for you to download and use as you see fit. If you have questions about how to use them, please reach out to the maintainers, but we cannot guarantee a response with SLAs.