Overview

Scrut integrates with Azure DevOps to capture project access, repositories, pipelines, and permission configuration. Use it to support SDLC/change-management evidence, validate least-privilege access, and maintain an audit trail of build/release workflows.

Why Connect

• Track access to repos, pipelines, and project settings.
• Support SDLC and change-management evidence automatically.
• Improve visibility into build/release governance.

Supported Automated Tests

Scrut provides pre-built automated tests for Azure DevOps. Here are a few examples of Scrut’s Azure DevOps tests:

• Access reviews completed for all in-scope applications
• Azure DevOps accounts associated with users
• Azure DevOps accounts deprovisioned when employees leave

Supported Automated Evidence

Scrut automates the collection of some evidences for Azure DevOps. Here are a few examples of Scrut’s Azure DevOps-driven evidences that can be collected:

• Acceptable Network Locations
• Automatic Capacity and Performance Monitoring Configuration
• Database Access Configurations
• Encryption for Data at Rest or Transit
• Firewall Rule Review
• Network traffic restrictions for database (security group)
• Offboarding - Logical Access & Physical Access Revocation
• Patch Management Records
• Reports of User Access Reviews
• User Access Approval list to Application, Infrastructure and Service