# Connecting to Azure DevOps

Connecting the Seal platform to an Azure DevOps repository enables it to automatically sync with your projects, detect vulnerable packages, and possibly open pull requests to replace vulnerable packages with fully-compatible sealed versions.

After you click **Import from Azure DevOps** on the onboarding, you will need to put a URL to your organization on Azure DevOps, and a personal access token with the requisite permissions.

<figure><img src="/files/0HopvDcwSM43Ig3Kf19u" alt="" width="563"><figcaption></figcaption></figure>

#### Generating the personal access token on Azure DevOps

1. In the Azure DevOps organization screen, open the user settings menu and click on **Personal access tokens**.

<figure><img src="/files/CxRgXmPrqvhIIZYf6hsP" alt=""><figcaption></figcaption></figure>

2. Click on the **New Token** button.
3. Give access to all of your organizations or the particular organization you want to connect. Set the expiration to one year. Give the token full access or Code Read & Write.
4. Create the token, and copy it to the relevant field in the **Link to Azure** window shown above.

#### Enabling automatic scanning when new code is merged

When new code is merged to the main branch it can introduce new vulnerabilities or fix existing ones (either through using a sealed version, upgrading the vulnerable package, or removing it altogether as a dependency). Therefore, in order to give an up-to-date picture of your vulnerable dependencies, the Seal app needs to rescan whenever a pull request is merged to the main branch.

For the Seal app to know new code was pushed, it must be granted permissions on a project-by-project (where by "project" here we mean an Azure DevOps project, *not* a project on the Seal app).

To give the Seal app access to the relevant webhooks follow these steps:

1. Go to the **Project settings** of the relevant project on Azure DevOps.
2. Under **General** you will find **Service hooks**. Click on the **+** to create a new one.
3. Choose the type **Web Hooks** and click **Next**.
4. Choose the trigger "Code pushed" and click **Next**. There's no need to change the other fields in this form.
5. In the URL fill [`https://api.sealsecurity.io/azure_devops/webhook`](https://api.sealsecurity.io/azure_devops/webhook) and click **Finish**.

The Seal app will now receive a webhook whenever a pull request is merged to the main branch, allowing it to rescan the code as necessary and remain up-to-date.

#### Adding projects

After you've configured the connection to Azure DevOps, you'll need to connect to the relevant code projects. Each project maps to an individual dependency file, for example `package-lock.json`. You can choose which dependency files you want Seal to scan. Each dependency file will map to a separate project on the platform.

You can either choose from a list of automatically detected projects, or add your projects later manually by clicking on the **New project** button in the **Projects** tab.

{% hint style="info" %}
The **Project ID** field is used to identify the project when communicating with the artifact server. It is meant to be used by machines, and it won't be editable later.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sealsecurity.io/fundamentals/readme/package-discovery/connecting-to-azure-devops.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.