A comprehensive dashboard for tracking vulnerabilities and patches in Azure DevOps build and release pipelines. Built with Python, Dash, and integrated with Azure DevOps REST API and Microsoft Security Response Center (MSRC) API.
- Real-time Vulnerability Tracking: Monitor vulnerabilities across all Azure DevOps pipelines
- Patch Management: Track patch availability and status for identified vulnerabilities
- Interactive Filtering: Filter by severity, status, and patch availability
- Visual Analytics:
- Vulnerability distribution by severity
- Top affected pipelines
- Patch coverage metrics
- Comprehensive Metrics:
- Total vulnerabilities
- Critical/High severity counts
- Patch coverage percentage
- Unpatched critical/high vulnerabilities
- Sample Data Mode: Test the dashboard with realistic sample data before connecting to live APIs
- Backend: Python 3.8+
- Dashboard Framework: Dash + Plotly
- UI Components: Dash Bootstrap Components
- APIs:
- Azure DevOps REST API
- Microsoft Security Response Center (MSRC) API
- Data Processing: Pandas
- Python 3.8 or higher
- Azure DevOps organization (for live data)
- Azure DevOps Personal Access Token with permissions:
- Build (Read)
- Release (Read)
- Code (Read)
cd d:\WebApps\azure-vuln-dashboardpython -m venv venvWindows:
venv\Scripts\activateLinux/Mac:
source venv/bin/activatepip install -r requirements.txtCopy .env.example to .env and update with your settings:
copy .env.example .envEdit .env:
# Azure DevOps Configuration
AZURE_DEVOPS_ORG=your-organization-name
AZURE_DEVOPS_PAT=your-personal-access-token
# Dashboard Configuration
DASHBOARD_PORT=8050
DEBUG_MODE=True
# Use Sample Data (Set to False when connecting to real Azure DevOps)
USE_SAMPLE_DATA=Truepython run.pyThe dashboard will be available at: http://127.0.0.1:8050
By default, the dashboard uses sample data (USE_SAMPLE_DATA=True). This allows you to:
- Test the dashboard without Azure DevOps credentials
- See realistic vulnerability and patch data
- Explore all features and functionality
Sample data includes:
- 12 realistic vulnerabilities with various severity levels
- 9 patch records with KB article information
- Multiple pipeline types (Build and Release)
To connect to your actual Azure DevOps organization:
-
Generate Personal Access Token (PAT):
- Go to Azure DevOps → User Settings → Personal Access Tokens
- Click "New Token"
- Set scopes: Build (Read), Release (Read), Code (Read)
- Copy the generated token
-
Update .env file:
AZURE_DEVOPS_ORG=mycompany AZURE_DEVOPS_PAT=your-actual-pat-token-here USE_SAMPLE_DATA=False
-
Restart the dashboard:
python run.py
azure-vuln-dashboard/
├── src/
│ ├── api/
│ │ ├── azure_devops_client.py # Azure DevOps API integration
│ │ ├── patch_service.py # Patch status queries
│ │ └── __init__.py
│ ├── etl/
│ │ ├── data_aggregator.py # Data aggregation logic
│ │ ├── transformer.py # Data transformation
│ │ └── __init__.py
│ ├── dashboard/
│ │ ├── app.py # Main Dash application
│ │ ├── layouts.py # Dashboard layouts
│ │ ├── callbacks.py # Interactive callbacks
│ │ └── __init__.py
│ ├── data/
│ │ ├── sample_vulnerabilities.json
│ │ └── sample_patches.json
│ └── config.py # Configuration management
├── .env.example # Environment variables template
├── .gitignore
├── requirements.txt
├── README.md
├── DEPLOYMENT.md
└── run.py # Application entry point
- Total Vulnerabilities: Overall count of detected vulnerabilities
- Critical/High: Count of critical and high severity vulnerabilities
- Patch Coverage: Percentage of vulnerabilities with available patches
- Unpatched Critical/High: Count of high-risk unpatched vulnerabilities
- Severity Filter: Filter by Critical, High, Medium, Low
- Status Filter: Filter by Open, In Progress, Patched
- Patch Availability: Filter by patch available or not
- Severity Distribution: Pie chart showing vulnerability breakdown by severity
- Top Affected Pipelines: Bar chart of most vulnerable pipelines
Interactive table with:
- CVE ID
- Vulnerability title
- Severity level (color-coded)
- CVSS score
- Affected pipeline
- Detection date
- Status
- Patch availability indicator
The dashboard integrates with Azure DevOps using version 7.0 of the REST API:
- Endpoints Used:
/_apis/projects- Get all projects/_apis/build/definitions- Get build pipelines/_apis/build/builds- Get build history/_apis/release/definitions- Get release pipelines/_apis/release/releases- Get release history
For patch information:
- Endpoints Used:
/cvrf/v2.0/updates- Get security update summaries/cvrf/v2.0/cvrf/{id}- Get detailed update information
To add additional vulnerability sources, extend the DataAggregator class:
def fetch_custom_vulnerabilities(self):
# Your custom logic here
return vulnerabilitiesEdit src/dashboard/layouts.py to customize the dashboard appearance and components.
- Add filter UI in
layouts.py - Add filter logic in
callbacks.py
- Check Python version (3.8+)
- Ensure all dependencies are installed:
pip install -r requirements.txt - Check for port conflicts (default: 8050)
- Verify
.envconfiguration - Check Azure DevOps PAT permissions
- Review console logs for error messages
- Verify organization name is correct
- Ensure PAT hasn't expired
- Check network connectivity to Azure DevOps
- Never commit
.envfile - It contains sensitive credentials - Use least-privilege PAT - Only grant required permissions
- Rotate PATs regularly - Set expiration dates and rotate tokens
- Secure the dashboard - Use authentication if exposing publicly
Contributions are welcome! Areas for improvement:
- Additional data sources (SonarQube, Snyk, etc.)
- Email notifications for new critical vulnerabilities
- Historical trend analysis
- Export functionality (PDF, Excel)
- Multi-organization support
This project is provided as-is for educational and demonstration purposes.
For issues or questions:
- Check the DEPLOYMENT.md guide
- Review console logs for error details
- Verify Azure DevOps API documentation
P Ganesh Krishna Reddy
Cybersecurity Undergraduate & Full-Stack Developer
I am a passionate cybersecurity professional with hands-on experience in designing SOC-aligned detection systems, performing penetration testing, analyzing attack vectors, and conducting vulnerability research across network and application layers.
- Email: pganeshkrishnareddy@gmail.com
- Phone: +91-8374622779
- LinkedIn: linkedin.com/in/pganeshkrishnareddy
- GitHub: github.com/ganeshkrishnareddy
- Portfolio: pganeshkrishnareddy.vercel.app
Key Coursework: Intrusion Detection Systems, Application Security, Network Security, SOC Operations, Threat Detection, Malware Analysis, Digital Forensics, Secure Coding Practices
- QuickHeal Certified Malware Analyst - December 2025
- CompTIA Network+ - August 2025
- CompTIA Security+ - August 2025
- QuickHeal Certified Digital Forensic Investigator - January 2026
- CS50: Introduction to Computer Science - Harvard University
January 2026 - Present
- Developed real-time intrusion detection system with ML-based anomaly detection
- Integrated XGBoost models for detecting DDoS, SQL injection, and brute-force attacks
- Technologies: Python, XGBoost, FastAPI, Next.js
- GitHub: github.com/ganeshkrishnareddy/IDS-Defense
August 2025 - December 2025
- Built automated email and URL threat analysis system
- Applied heuristics-based AI analysis and sandbox validation for real-time classification
- Technologies: Python, AI/ML Heuristics, API Security
- GitHub: github.com/ganeshkrishnareddy/mailshield
April 2025 - July 2025
- Investigated Android applications vulnerable to insecure data storage and network interception
- Performed static and dynamic analysis using instrumentation and runtime hooking techniques
- Technologies: Python, JADX, Frida
- GitHub: github.com/ganeshkrishnareddy/AndroidSecurityProject
Built with ❤️ using Python and Dash by P Ganesh Krishna Reddy