When using Azure DevOps to track and monitor security issues, Vanta detects the priority from the Azure DevOps' Priority field.
Azure DevOps indicates priority value as “1, 2, 3, 4” etc; Vanta handles priority value as P0, P1, P2, P3.
Since Azure DevOps does not have an equivalent P0 option, Vanta accounts for this offset by mapping the priorities from Azure DevOps as follows:
- Priority 1 = P0 in Vanta (High)
- Priority 2 = P1 in Vanta (Medium)
- Priority 3 = P2 in Vanta (Low)
- Priority 4 = P3 in Vanta (Lowest)
If you notice security issues showing up in a test that does not represent their intended security priority, we recommend to test setting the Azure DevOps Priority field as value that best matches the mapping above.