Automate CI/CD pipeline security, code repository access controls, and build/release audit evidence collection. Track pipeline approvals, branch policies, code reviews, and deployment workflows for SOC 2, ISO 27001, and PCI-DSS compliance.
Continuous CI/CD security and code repository evidence collection
Read-only API access via Personal Access Token (PAT)
Generate a PAT in Azure DevOps with read-only scopes for Code, Build, Release, Work Items, and Project & Team. Use a service account with auditor permissions for compliance monitoring.
Select read-only scopes: Code (Read), Build (Read), Release (Read), Work Items (Read), Project and Team (Read), and Audit (Read). Set token expiration to 90 days and copy the PAT value.
Enter your Azure DevOps organization URL and PAT into LowerPlane. We'll verify access and start collecting pipeline, repository, and work item evidence.
LowerPlane uses read-only API access and cannot modify pipelines, repositories, work items, or user permissions. We never access source code contents, only metadata like commit history, branch policies, and pipeline configurations. PATs are encrypted at rest (AES-256) and in transit (TLS 1.3). You can revoke access at any time from your Azure DevOps security settings.
Real-time CI/CD and repository evidence mapped to compliance controls
| Control | Evidence Type | Service | Frequency |
|---|---|---|---|
Change ManagementSOC 2 | Pipeline approval workflows and deployment gates | Azure DevOps Services | Real-time |
Code ReviewISO 27001 | Branch policies and pull request approvals | Azure DevOps Services | Real-time |
Access ControlsSOC 2 | Repository permissions and user access logs | Azure DevOps Services | Daily |
Audit LoggingISO 27001 | Build/release history and pipeline run logs | Azure DevOps Services | Continuous |
Deployment SecurityPCI-DSS | Environment protection rules and approval chains | Azure DevOps Services | Real-time |
Code IntegrityISO 27001 | Commit signing policies and merge requirements | Azure DevOps Services | Daily |
Collecting evidence from all Azure DevOps projects and pipelines
View complete evidence mappingAzure DevOps integration satisfies CI/CD security and change management controls
Azure DevOps integration covers 12 SOC 2 controls focusing on change management, logical access, and system monitoring.
Essential CI/CD compliance automation
"The Azure DevOps integration transformed our change management evidence collection. Pipeline approvals, branch policies, and code review records are now automatically captured. Our auditors were impressed with the real-time deployment tracking."
Everything you need to know about Azure DevOps integration
Still have questions?
Contact our security teamBuild comprehensive DevOps security and change management coverage
Connect your Azure DevOps Services account in 3 minutes and start collecting CI/CD security evidence automatically
No credit card required • 14-day free trial • Setup in 3 minutes