Scan CodeScan Cloud projects in Azure DevOps
Prerequisites
CodeScan version 4.4+
An Azure DevOps Project for your Salesforce code
Note: Users have Azure SSO enabled in CodeScan. If an integration user has to be set up for Jenkins/Bitbucket projects, then the user must be created in Azure SSO.
Install the CodeScan Cloud Extension
In the Azure DevOps app, go to the
Marketplace
and then selectBrowse Marketplace
.Search for
CodeScan
, select theCodeScan Cloud
extension and then clickGet it free
.Select your account and complete the installation.
Setup
On your
Project
dashboard screen, selectPipeline > Pipelines
and create a new Pipeline.Once you are in the "Where is your code?" page, click Use the classic editor to create a pipeline without YAML.
Follow the instructions below for your source code location.
Azure DevOps Repo
Select
Azure Repos Git
and yourRepository name
.For your default branch, select the
branch
you would like to check pull requests against. Keep this branch name in mind, we will use it later in the setup. ClickContinue
.On the
Select a Template
page, select theSalesforce with CodeScan Cloud
template and clickApply
.In the Agent pool dropdown menu, select
Azure Pipelines
.In the
Agent Specification
dropdown menu, selectubuntu-20.04
.Click the
Prepare Analysis on CodeScan Cloud
section and create a new service endpoint.Add your CodeScan server URL (e.g., https://app.codescan.io/)
You will need a token from your CodeScan Cloud account for this step. Learn how to create security token HERE.
Add a name for your connection.
Make sure to verify the connection before leaving the pop-up.
Select your new
Service Endpoint
and theOrganization
you would like to connect to from the dropdown menu. If you are not sure, the Organization Key is available at the top left of yourOrganization
page.Select
Use standalone scanner
under theChoose a way to run the analysis
.Under
Mode
, select themake sure Manually provide configuration
checkbox.
Now, in CodeScan Cloud we can set up the project.
In your selected CodeScan Cloud organization, navigate to
Administration > Projects Management
.Click
Create Project
.Enter your desired
Project Name
andProject Key
and clickCreate
. Keep these in mind, we'll need them in a second.Click on your new empty project and navigate to
Administration > Branches and Pull Requests
.Change your main branch name to the name of the default branch that you selected.
Now, back to Azure DevOps.
Enter the
Project Name
andProject Key
you just created.Click
Save and Queue
and let the analysis complete to see your results in CodeScan Cloud.
Triggering Builds from an Azure DevOps Repository
To trigger the builds, you will need to create a build policy on the branch you would like to check pull requests against.
Navigate to
Repos > Branches
.Click on the
More
menu for the desired branch and clickBranch Policies
.In the
Build Validation
section,add a new build policy
.Select your
new pipeline
and selectAutomatic for the Trigger settings
and choose your policy requirements.
This pipeline will now run when:
Pull requests are created against the branch
Pull requests are updated
Pull requests are merged.
The project branches on CodeScan Cloud will be updated accordingly.
Breaking the Builds
To break the builds based on the Quality Gate once this analysis has run, you can add a PowerShell script to the pipeline.
First create a Security Token and add it as a variable named
CODESCAN_TOKEN
in your pipeline Variables menu.Add a PowerShell step to your pipeline after the Publish Quality Gate step and add the following script inline, changing the below parameters:
<<project_key>>
to your actual project key.{codescan_instance_url}:
Your instance's URL, for example, https://app.codescan.io/ for US region, https://app-eu.codescan.io/ for EU region or https://app-aus.codescan.io/ for AUS region.
The pipeline will now fail if the quality gates for the project are not passed.
Last updated