
Azure DevOps YAML Pipeline

Prerequisites

Note: If your users have Azure SSO enabled in CodeScan and an integration user has to be set up for Jenkins/Bitbucket projects, that user must also be created in Azure SSO.

Install the CodeScan Cloud Extension

  1. In the Azure DevOps app, go to the Marketplace and then select Browse Marketplace.

  2. Search for CodeScan, select the CodeScan Cloud extension and then click Get it free.

  3. Select your account and complete the installation.

Create a Service Endpoint

  1. Open Project Settings

  2. Under Pipelines select Service Connections

  3. Select CodeScanCloud from the list and click Next

  4. Add your CodeScan server URL (e.g., https://app.codescan.io/)

  5. You will need a security token from your CodeScan Cloud account for this step. Learn how to create a security token here. The token is stored in the service connection, so it never has to appear in your pipeline YAML.

  6. Add a name for your connection.

  7. If you would like this connection available to every pipeline in the project, check Grant access permission to all pipelines. If you would like to restrict which pipelines can use this connection (and therefore the token it holds), leave this box unchecked and see this article.

  8. Click Verify and Save

Setup

  1. On your Project dashboard screen, select Pipeline > Pipelines and create a new Pipeline.

  2. Once you are in the "Where is your code?" page, select the source of your code.

  3. On the Select a Repository page, select the repository you would like to scan from.

  4. On the Configure Your Pipeline page, select Starter Pipeline

  5. You should see a bare-bones YAML file. Remove the header comments, the test step and the script, as you won't need them.

Add Prepare Analysis Configuration

  1. On the right hand side of the page, click Show Assistant

  2. Search for CodeScan

  3. Click on Prepare Analysis Configuration.

  4. Select your new Service Endpoint and the Organization you would like to connect to from the dropdown menu. If you are not sure, the Organization Key is shown at the top left of your Organization page.

  5. Under Choose a way to run the analysis, select Use standalone scanner.

  6. Under Mode, select the Manually provide configuration checkbox.

  7. Click Add

Now set up the project in CodeScan Cloud.

  1. In your selected CodeScan Cloud organization, navigate to Administration > Projects Management.

  2. Click Create Project.

  3. Enter your desired Project Name and Project Key and click Create. Note these down; you will need them back in Azure DevOps.

  4. Click on your new empty project and navigate to Administration > Branches and Pull Requests.

  5. Rename the project's main branch to match the default branch of the repository you selected in Azure DevOps, so that analyses of that branch land on the project's main branch.

Now, back to Azure DevOps.

  1. Enter the Project Name and Project Key you just created.

  2. Click on Advanced. Remove the contents and add sonar.qualitygate.wait=true. With this property the scanner waits for the Quality Gate result and fails the analysis (and therefore the pipeline run) when the Quality Gate fails.

  3. Click Add

Add Run Code Analysis

  1. On the right hand side of the page, click Show Assistant

  2. Search for CodeScan

  3. Click on Run Analysis

  4. Click Add

Add Publish Quality Gate Result

  1. On the right hand side of the page, click Show Assistant

  2. Search for CodeScan

  3. Click on Publish Quality Gate Result

  4. Click Add

Your script should now look similar to the image below, with the three CodeScan tasks in order: Prepare Analysis Configuration, Run Analysis and Publish Quality Gate Result.

Triggering Builds from a Repository

The triggers in Azure DevOps can be configured for pushes to your branches or for pull requests made against them.

See this article for information on triggers in YAML.
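As an added example (not code from this page or from CodeScan), here is what the pipeline assembled in the Setup steps above can look like once the three CodeScan tasks and the triggers described in this section are in place. The task identifiers CodeScanPrepare@1, CodeScanAnalyze@1 and CodeScanPublish@1 and their input names are assumptions modelled on the Prepare/Analyze/Publish layout the Assistant generates; copy the exact identifiers the Assistant inserts for your installed extension. CodeScanCloud, my-org-key, my-project-key and My Project are placeholder values.

```yaml
# Added example: an Azure DevOps YAML pipeline assembled from the steps above.
# Not the page's or CodeScan's own code. The task ids and input names below are
# ASSUMED placeholders; use the identifiers the Azure DevOps Assistant inserts.
# CodeScanCloud, my-org-key, my-project-key and My Project are placeholder values.

# Triggers: run on pushes to main and on pull requests targeting main.
trigger:
  branches:
    include:
      - main

pr:
  branches:
    include:
      - main

pool:
  vmImage: ubuntu-latest

steps:
  # Prepare Analysis Configuration: service connection, organization,
  # standalone scanner, manual configuration, project key/name and the
  # extra property that fails the analysis when the Quality Gate fails.
  - task: CodeScanPrepare@1                # assumed task id
    inputs:
      codescanEndpoint: CodeScanCloud      # name given in "Create a Service Endpoint"
      organization: my-org-key             # Organization Key from the Organization page
      scannerMode: CLI                     # "Use standalone scanner"
      configMode: manual                   # "Manually provide configuration"
      cliProjectKey: my-project-key        # Project Key created in CodeScan Cloud
      cliProjectName: My Project           # Project Name created in CodeScan Cloud
      extraProperties: |
        sonar.qualitygate.wait=true

  # Run Analysis
  - task: CodeScanAnalyze@1                # assumed task id

  # Publish Quality Gate Result
  - task: CodeScanPublish@1                # assumed task id
```

Two caveats worth checking before relying on this: the YAML pr: trigger only applies to GitHub and Bitbucket Cloud sources, so for Azure Repos Git the pull-request build is configured through a branch policy (Build validation) on the target branch instead; and the token is referenced only through the service connection name, so a pipeline can use it only if the connection has been authorized for that pipeline (or for all pipelines, if you granted that in step 7).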
