Integrate Vulnetix CLI into Azure DevOps Pipelines with Key Vault secrets, multi-stage pipelines, and cross-platform builds. SARIF, CycloneDX, SPDX support.
Add Vulnetix to Azure DevOps
Create azure-pipelines.yml and run the Vulnetix CLI in your Azure DevOps pipeline. It collects SARIF, CycloneDX and SPDX artifacts automatically and uploads them for centralised vulnerability management:
trigger:
branches:
include:
- main
pool:
vmImage: 'ubuntu-latest'
steps:
- task: Bash@3
displayName: 'Install Vulnetix'
inputs:
targetType: 'inline'
script: |
curl -fsSL https://raw.githubusercontent.com/vulnetix/cli/main/install.sh | sh
export PATH=$PATH:$HOME/.local/bin
vulnetix scan
vulnetix upload --file reports/results.sarif
env:
VULNETIX_ORG_ID: $(VULNETIX_ORG_ID)
Why run Vulnetix in Azure DevOps?
Every scan from every job lands in one queue, deduplicated and prioritised with EPSS, CISA KEV and Coalition ESS exploit intelligence — so your Azure DevOps pipeline gates merges on what is actually exploitable, not raw scanner noise.