Events
Mar 17, 11 PM - Mar 21, 11 PM
Join the meetup series to build scalable AI solutions based on real-world use cases with fellow developers and experts.
Register nowThis browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Azure DevOps Services | Azure DevOps Server 2022 - Azure DevOps Server 2019
Extensions are add-ons, which you can use to customize and extend your experience with Azure DevOps. They're written with standard technologies - HTML, JavaScript, CSS - and developed using your preferred development tools.
Extensions get published at the Visual Studio Marketplace, where they can be kept private for you and your team or shared publicly with the millions of developers currently using Azure DevOps.
Extensions use our RESTful API Library to easily interact with Azure DevOps and applications/services.
The following items make up an extension:
These files and assets get bundled up to make a VSIX file that gets published to the Marketplace.
From the Marketplace, users can install extensions directly into their organization. If you don't have permissions to install an extension, but you're a project member, you can request an extension instead.
There are dozens of ways you can use an extension and places where you can add to the user interface, and we're adding more every sprint. Learn about all of the places where you can add a hub in the Extensibility points.
To evaluate a Marketplace extension, review the information and resources described in the following table. You can find this information in the extension information
Information
Usage
Top Publisher badge
The publisher demonstrates commitment to its customers and the Marketplace through excellent policies, quality, reliability, and support. For more information, see Top Publisher.
Q & A
The Q & A section of published extensions might answer questions you have. Also, they're a good mechanism to engage with the extension’s publisher(s) to have a meaningful dialogue to make yourself comfortable. Use the Q & A information to understand the development, testing, and security practices the publisher follows. It also gives you a sense of the publisher's responsiveness.
Ratings & reviews
Ratings and reviews indicate how others perceive the offering. For more information, see Respond to customer feedback.
Privacy, license, and support policies
See if the publisher provided them and if they meet your needs or concerns. For more information, go to Safety information.
Malware scan: The Marketplace runs a virus scan on each new and updated extension package that publishes to ensure its safety. Until the scan is all clear, we don't publish the extension for public usage. If a concern surfaces, the Marketplace team has the means to disable an extension immediately and notify its existing customers.
Content scan: The Marketplace scans content for every new and updated extension to avoid surfacing inappropriate or offensive content on the Marketplace pages.
Access to approved scopes only: An extension can only operate within the granted scopes. For example, an extension that has only read permissions on work items can't modify your features and bugs. Azure DevOps web extensions run in a sandboxed browser IFrame. They're only able to access Azure DevOps data and APIs approved for the extension. During installation, admins are prompted to approve permissions and scopes. One way to protect yourself is to carefully review the scopes the extension requests.
Note
If the scopes change for an extension, the you must approve the update before it can become applicable on your organization or collection.
Third-party build and release tasks: Tasks are implemented as code that executes on an agent machine. Tasks are only able to access secrets explicitly provided to them (see variable secrets), but tasks generally have full access to the agent machine itself. To reduce risk, run builds on Microsoft-hosted agents, which are VMs isolated from other jobs and recycled after each job. Or, limit file and network access on private hosted agent machines. Learn more about build and release agents.
Third-party code execution on the server: There's no way for an extension to install or execute any code on Azure DevOps Server.
Before you build an extension, familiarize yourself with the extension types already available within the Marketplace, Extensions for Azure DevOps. Learn how to build your first extension and check out our full set samples.
For more information about building extensions, see the following articles:
Events
Mar 17, 11 PM - Mar 21, 11 PM
Join the meetup series to build scalable AI solutions based on real-world use cases with fellow developers and experts.
Register now