Cloud-native Computing

What Is the Azure DevOps Extension?

Azure DevOps Extensions are add-ons that are customized to provide a better DevOps experience. The language they are written with is HTML, JavaScript, and CSS. To develop these extensions, only preferred development tools are used. These extensions use RESTful API Library to easily interact with Azure DevOps and applications/services. The Visual Studio Marketplace is where extensions are published and they can be kept private for you and your team or shared with the millions of developers currently using Azure DevOps.

Generally, Azure DevOps Extensions are built to perform the following tasks:

  • Planning and tracking of work items, sprints, scrums, and so on.
  • Pipelines build and release flows.
  • Code testing and tracking.
  • Collaboration among team members.
Components of an Azure DevOps Extension:
  • JSON Manifest File: It contains basic info about the extension.
  • Discovery Assets: These are the markdown and images that make up your extension's overview and aesthetics in the Marketplace.
  • Static Files: These files contain the logic of your extension, including HTML, JS, and CSS files. These files are only applicable to contribution-based extensions.

Best Azure DevOps Extensions:

  • Analytics 
  • Analytics brings you and your team new insights into the health and status of your DevOps life cycle. It helps you make data-driven decisions and deliver value to your customers faster. With Analytics, you can get engaging insights on your work items and automated tests. 

  • SonarCloud
  • SonarCloud is a cloud-hosted version of SonarQube from SonarSource and is used for static code analysis. It scans the source code for design, architecture, security, code smells, and a few other quality issues. After a thorough scan, it provides a detailed project report on the SonarCloud website, with details of every file that needs improvement. This is a great way to maintain code quality and keep technical debt at rest and at the same time keeping code compliant with the industry standards and specifications.

  • Azure DevOps Open in Excel
  • You can use this extension for bulk editing work items or leverage Excel tools to analyze and visualize a large number of work items. Work items that are opened in Excel can be edited and published back to Azure DevOps with a single click. Once you are ready to publish your changes, simply hit "Publish" from Excel to sync your changes back to Azure DevOps. 

  • SonarQube
  • Sonarqube is similar to SonarCloud. It has the same functionality as SonarCloud, and is from the same Company ‘SonarSource’. SonarQube is a self-hosted version of SonarCloud. It is hosted either in a physical server or a Virtual Machine (VM) either in an on-premise or cloud environment. 

  • Code Search
  • As your codebase expands and is divided across multiple projects and repositories, focusing on priorities becomes difficult. To maximize cross-team collaboration and code sharing, you need a solution that can quickly and efficiently locate relevant information across all of your projects. From discovering examples of an API's implementation, browsing its definition to searching for error text, Code Search delivers a one-stop solution for all your code exploration and troubleshooting needs.

  • WhiteSource Bolt
  • It is used to scan for any vulnerabilities in third-party open-source client-side packages and dependencies we use in our projects. WhiteSource Bolt doesn’t need a service connection to work. This product keeps its databases updated, with a list of open source libraries and packages and their known vulnerabilities, and uses it to scan the repositories and report issues.

  • Timetracker
  • It is designed for software developers to help them with time recording, forecasting, and management capabilities. It supports engineers, builds feedback, and helps your team learn and improve over time. It automates standard tasks, lets you create reports, and helps forecast project time. It integrates quietly into your existing IT landscape and has its own integrated security and permission model.

  • OwaspZap
  • This extension is available to scan the code for OWASP web application standards. Post-scan provides a report in the Azure DevOps Dashboard widget, with the list of issues in the web applications like XSS issues, framing issues of websites, missing HTTP headers, and many more. This extension doesn’t need any service connection and data.

  • Fortify
  • Fortify is a third-party product from Microfocus that comes with system security scan capabilities. It can be used for both static as well as dynamic security scans. It covers many industry security standards like OWASP Top 10, PCI compliance, and many more. This is one of the most used products and extensions when it comes to the security testing of applications and systems. In the case of static scans, it checks each code file and component in the repository and provides an online report with details of all issues. Fortify needs to be first installed in a server or a VM followed by connecting it to Azure DevOps Project, before using this task in the pipelines.

    How to Add an Extension?

    By following the steps given below, you can add extensions to your organization:

    • Go to the Visual Studio Marketplace
    • Under the search bar, find extensions for your organization.
    • Once you find the appropriate extension, install it from the Marketplace and start using it in Azure DevOps.


    Surely, you know the immense capabilities of Azure DevOps and its features. And this the reason you are either already using it or want to use it. But like you, many people are ignorant about the Azure DevOps Extensions. These extensions increase the strength of your DevOps practices and are extremely easy to use.

    There are tons of extensions available for you to incorporate into your Azure DevOps. Apart from using these extensions, you can also build new ones exclusively for you and your team or you can share them with other developers.