# Azure DevOps

Mobb can be integrated into Azure DevOps via the official Mobb Autofixer plugin. This article will walk through the process of installing the plugin.

{% embed url="<https://www.youtube.com/watch?v=Lb6OudGLE6U>" %}

## Pre-Requisites

The Mobb Azure DevOps Pipeline task is supported on the following ADO platforms:

* Azure DevOps Service (Cloud)
* Azure DevOps Server 2022.2

You will also need a Mobb API Token. To generate one, follow the steps outlined in the [Access Token](https://docs.mobb.ai/mobb-user-docs/administration/access-tokens) page.

## Installing the plugin

1. Go to the Visual Studio Marketplace and search for the Mobb Autofixer plugin. The direct link is also available [here](https://marketplace.visualstudio.com/items?itemName=Mobb.mobb-autofixer-task).
2. Click on "Get it free".

   <figure><img src="https://2539741639-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8WF4UBNkXMHG7Dz0RXI7%2Fuploads%2Fgit-blob-db5682f3ab3e9b35b0483ae7e82055306a9b28c7%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>
3. Follow the instructions to install it in your Azure DevOps Service or Azure DevOps Server environment.

## Setting up the Service Connection

To set up the service connection, first go to your Azure DevOps organization. Click on **Project Settings -> Service Connections -> New Service Connection.**

<figure><img src="https://2539741639-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8WF4UBNkXMHG7Dz0RXI7%2Fuploads%2Fgit-blob-824e60cbe09cc43fba5b1575c66643b151fde672%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

Search for "Mobb" to locate "**Mobb Autofixer Endpoint**". Afterwards, click "Next" to open the Endpoint service connection configurator.

<figure><img src="https://2539741639-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8WF4UBNkXMHG7Dz0RXI7%2Fuploads%2Fgit-blob-8e78b49b703da392282c8fa462926f7621587121%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

Next, verify your **Server URL**. By default, it is set to **<https://app.mobb.ai>**, which is Mobb's public tenant URL. If you are using a single-tenant deployment, enter your single-tenant URL here. Click "**Save**" when you're done.

<figure><img src="https://2539741639-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8WF4UBNkXMHG7Dz0RXI7%2Fuploads%2Fgit-blob-83e8a02aba46a9237ff49b7b87fe78db98b21a96%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

## Creating a Mobb Autofixer Pipeline Using a Pre-configured Task

### Creating a pipeline using a YAML

Begin by creating a pipeline. You can use an existing pipeline where SAST scans are already being conducted, or you can use a starter YAML pipeline template.

To use the plugin, you will need to have Node.js version 18 or above installed. To do so, search for "Node.js tool" from the Task Assistant located on the top right.

<figure><img src="https://2539741639-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8WF4UBNkXMHG7Dz0RXI7%2Fuploads%2Fgit-blob-0843acb839865cd4ad622766f45e04d01c1860e7%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

In the Node.js configuration page, put **18.x** (or anything above).

<figure><img src="https://2539741639-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8WF4UBNkXMHG7Dz0RXI7%2Fuploads%2Fgit-blob-1e074f6ff5b45e59af5d39ea9f71ef95c5a7e707%2Fimage.png?alt=media" alt="" width="326"><figcaption></figcaption></figure>

<figure><img src="https://2539741639-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8WF4UBNkXMHG7Dz0RXI7%2Fuploads%2Fgit-blob-011fbc3aba4f7a4350c2e76159d48fee2aa6bae7%2Fimage.png?alt=media" alt="" width="318"><figcaption></figcaption></figure>

Next, we will add the "Mobb Autofixer" step. Search for "Mobb".

<figure><img src="https://2539741639-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8WF4UBNkXMHG7Dz0RXI7%2Fuploads%2Fgit-blob-492e231840b56c0dd81ea3a71eab6b508f24bd5f%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

In the Mobb Autofixer configuration screen, provide the following info:

* **Credential (Required)** - Select the Credential you created earlier in the Project Service Connection page.
* **SAST Report File Location (Required)** - Provide the filename or the location + filename to the SAST report. For example "**report.json**" if it's located at the root of the working directory, or "**subfolder/report.json**" if it's nested in a subfolder.
* **Repository URL (Optional)** - Provide the URL to your git repository. If this is not provided, then the value from `BUILD_REPOSITORY_URI` will be used.
* **Branch Name (Optional)** - Provide the branch name where the SAST scan was conducted. If this is not provided, then the value from `BUILD_SOURCEBRANCHNAME` will be used.
* **Repo Sub Folder Location (Optional)** - By default this is set to the current working directory "./". Mobb will use this directory location to access the source code files to generate a fix report. If the repository is not checked out to the root working directory, then you can specify another directory here.
* **Automatic PR (Optional)** - This checkbox will enable Automatic PR according to your fix policy settings. To learn more about this feature, [click here](https://docs.mobb.ai/mobb-user-docs/administration/fix-policy#automatic-pr).

<figure><img src="https://2539741639-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8WF4UBNkXMHG7Dz0RXI7%2Fuploads%2Fgit-blob-ff569fb5c78401c24a6d6d7153880b5e0da7a168%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

Click on "**Add**" when done.
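The steps above result in a pipeline along these lines. This is an added example, not taken from Mobb's documentation: the Mobb task name and input names are copied from the troubleshooting snippet at the end of this page, `NodeTool@0` is Azure DevOps' built-in Node.js tool installer, and the trigger branch, agent image, connection name, report file name and SAST step are placeholders.

```yaml
# Added example: minimal pipeline assembling the steps described above.
trigger:
  - main                       # placeholder branch

pool:
  vmImage: 'ubuntu-latest'     # placeholder agent image

steps:
  # Node.js 18 or above is required by the Mobb task.
  - task: NodeTool@0
    displayName: 'Install Node.js 18.x'
    inputs:
      versionSpec: '18.x'

  # Placeholder: run your SAST scanner here so that it writes its report
  # to sast-report.json in the working directory.
  - script: echo "run the SAST scanner here, producing sast-report.json"
    displayName: 'SAST scan (placeholder)'

  # Task and input names as they appear in this page's troubleshooting snippet.
  - task: MobbAutofixer-preview@0
    displayName: 'Mobb Autofixer'
    inputs:
      MobbConnection: 'Mobb Preview'               # service connection created earlier (name assumed)
      SASTReportFileLocation: 'sast-report.json'   # path relative to the working directory
      MobbProjectName: 'Monolith App'
      autopr: true
      commitdirectly: true
```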

### Creating a pipeline using the Classic Pipeline Editor

To use the Mobb Autofixer plugin in the Azure DevOps Classic Pipeline Editor, first go to **Pipelines** -> **New Pipeline.**

Since we are configuring this using the classic editor, select "Use the Classic Editor". For YAML-based configuration, see "Creating a pipeline using a YAML" instead.

<figure><img src="https://2539741639-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8WF4UBNkXMHG7Dz0RXI7%2Fuploads%2Fgit-blob-8abd20e6e600f66e324b7ec85cfb7e039a7e11b5%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

Next, select the repository where this pipeline will run.

<figure><img src="https://2539741639-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8WF4UBNkXMHG7Dz0RXI7%2Fuploads%2Fgit-blob-0ef205ad232b875b563285592be61ff71c47ea30%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

Next, you will need to select a template. In this example, we will start with an empty one.

<figure><img src="https://2539741639-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8WF4UBNkXMHG7Dz0RXI7%2Fuploads%2Fgit-blob-9ceef8fc858860181c04b378e3f5f28703b07cee%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

Next, click on the "**+**" sign next to the Agent to configure which tasks run.

<figure><img src="https://2539741639-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8WF4UBNkXMHG7Dz0RXI7%2Fuploads%2Fgit-blob-1674638a0c2a4212d5ae54a3e14d223083dc716e%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

Let's first bring in Node.js. Search for "**Node.js**" and click on "**Node.js tool installer**".

<figure><img src="https://2539741639-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8WF4UBNkXMHG7Dz0RXI7%2Fuploads%2Fgit-blob-d82eacfa67d4003b099948f94df8fc0a7c7f2f6c%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

Next, put "**18.x**" in the "**Version Spec**" field. Any Node.js version will work as long as it is version 18 or above.

<figure><img src="https://2539741639-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8WF4UBNkXMHG7Dz0RXI7%2Fuploads%2Fgit-blob-bf484945b96d40ab0922823c9911a10b82faac40%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

Next, we will bring in Mobb Autofixer. To do so, search for "**Mobb**" and click on "**Mobb Autofixer**".

<figure><img src="https://2539741639-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8WF4UBNkXMHG7Dz0RXI7%2Fuploads%2Fgit-blob-e8f5f03b9316c56bd9d4d848140585bd5072ecc8%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

Next, let's configure the Mobb Autofixer task:

* **Credential (Required)** - Select the Credential you created earlier on the Project Service Connection page.
* **SAST Report File Location (Required)** - Provide the filename or the location + filename to the SAST report. For example "**report.json**" if it's located at the root of the working directory, or "**subfolder/report.json**" if it's nested in a subfolder.
* **Repository URL (Optional)** - Provide the URL to your git repository. If this is not provided, then the value from `BUILD_REPOSITORY_URI` will be used.
* **Branch Name (Optional)** - Provide the branch name where the SAST scan was conducted. If this is not provided, then the value from `BUILD_SOURCEBRANCHNAME` will be used.
* **Repo Sub Folder Location (Optional)** - By default, this is set to the current working directory "./". Mobb will use this directory location to access the source code files and generate a fix report. If the repository is not checked out to the root working directory, then you can specify another directory here.
* **Automatic PR (Optional)** - This checkbox will enable Automatic PR according to your fix policy settings. To learn more about this feature, [click here](https://docs.mobb.ai/mobb-user-docs/administration/fix-policy#automatic-pr).
* **Commit Directly (Optional)** - This checkbox tells Mobb to commit the fix directly to the target branch. If the branch belongs to a PR, Mobb will also publish a comment in the PR to explain what was committed.

Click on "**Save and Queue**" when done.

<figure><img src="https://2539741639-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8WF4UBNkXMHG7Dz0RXI7%2Fuploads%2Fgit-blob-e09795a8ae70dbf0a9030210dcfbffb3d6aa9cc5%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

## Accessing the Mobb link

After the fix analysis is submitted to Mobb, a button to access the Mobb report will be available as a tab at the Pipeline Summary page:

<figure><img src="https://2539741639-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8WF4UBNkXMHG7Dz0RXI7%2Fuploads%2Fgit-blob-9fe67c755646d944df81b0cfabb0af7b5a17ff62%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

## Publishing of Mobb Link in the PR comment section

The extension will automatically publish the Mobb link in the PR comment section if the pipeline job is triggered by a pull request. However, you must set the "Contribute to pull request" permission to "Allow" in the project settings.

Here are the steps:

* First, navigate to Project Settings -> Repositories -> Click on your repository -> Security Tab.
* Here, select the **Build Service** user (normally named after your project, followed by "Build Service").
* Once the Build Service user is selected, toggle "Contribute to Pull Request" to "Allow".

<figure><img src="https://2539741639-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8WF4UBNkXMHG7Dz0RXI7%2Fuploads%2Fgit-blob-acec3ddc076b6248d62f1cf6741ac3123cfb1181%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

You should now start to see Mobb's fix report URL published in the PR comments section as shown:

<figure><img src="https://2539741639-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8WF4UBNkXMHG7Dz0RXI7%2Fuploads%2Fgit-blob-bf9bfafe0626ea377868487f228608cfbfa72d54%2Fimage.png?alt=media" alt=""><figcaption></figcaption></figure>

Additionally, if you have **Commit Directly** enabled, Mobb will also automatically publish the fixes that were committed in the PR comments:

<figure><img src="https://2539741639-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8WF4UBNkXMHG7Dz0RXI7%2Fuploads%2Fgit-blob-bce66655711f02f2d3908f6b434fcda510c5f497%2Fimage.png?alt=media" alt=""><figcaption><p>Example of a PR comment showing the committed fix</p></figcaption></figure>

## Troubleshooting

To pass additional environment variables to the Mobb step, you can use the `env` tag to specify them.

Here is an example of how to pass `DEBUG=*` and `NODE_TLS_REJECT_UNAUTHORIZED=0` to the step.

```yaml
- task: MobbAutofixer-preview@0
  inputs:
    MobbConnection: 'Mobb Preview'
    SASTReportFileLocation: 'sast-report.json'
    MobbProjectName: 'Monolith App'
    autopr: true
    commitdirectly: true
  env:
    DEBUG: '*'
    NODE_TLS_REJECT_UNAUTHORIZED: '0'
```
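`NODE_TLS_REJECT_UNAUTHORIZED=0` turns off TLS certificate verification for the Node.js process, so it is a diagnostic setting rather than one to leave in a pipeline. If the underlying problem is a single-tenant Mobb server or proxy whose certificate chains to a private CA (an assumption; the page does not say), the following added example, which is not part of Mobb's documentation, keeps verification on and trusts that CA through Node.js's `NODE_EXTRA_CA_CERTS`; the secure file name `corp-root-ca.pem` and the step name `corpCa` are hypothetical.

```yaml
steps:
  # Fetch the CA bundle previously uploaded under Pipelines -> Library -> Secure files.
  # 'corp-root-ca.pem' is a hypothetical file name.
  - task: DownloadSecureFile@1
    name: corpCa
    displayName: 'Download private CA bundle'
    inputs:
      secureFile: 'corp-root-ca.pem'

  # Mobb task and inputs as in the snippet above.
  - task: MobbAutofixer-preview@0
    inputs:
      MobbConnection: 'Mobb Preview'
      SASTReportFileLocation: 'sast-report.json'
      MobbProjectName: 'Monolith App'
    env:
      # Before (diagnostic only): certificate verification disabled.
      # NODE_TLS_REJECT_UNAUTHORIZED: '0'
      # After: verification stays on; Node.js additionally trusts the CAs in this PEM file.
      NODE_EXTRA_CA_CERTS: $(corpCa.secureFilePath)
```

Node.js reads `NODE_EXTRA_CA_CERTS` once at process start, so it has to be set on the step itself, as shown.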
