Azure Pipelines
Last modified: 21 November 2022
Qodana Scan
Qodana Scan is an Azure Pipelines task, packaged in the Qodana Azure Pipelines extension, that scans your code with Qodana.
Usage
Basic configuration
After you've installed the Qodana Azure Pipelines extension in your organization, edit your azure-pipelines.yml file to configure the Qodana Scan task:
# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and more:
# https://aka.ms/yaml
trigger:
  - main

pool:
  vmImage: ubuntu-latest

steps:
  - task: Cache@2  # Not required, but Qodana will open projects with cache faster.
    inputs:
      key: '"$(Build.Repository.Name)" | "$(Build.SourceBranchName)" | "$(Build.SourceVersion)"'
      path: '$(Agent.TempDirectory)/qodana/cache'
      restoreKeys: |
        "$(Build.Repository.Name)" | "$(Build.SourceBranchName)"
        "$(Build.Repository.Name)"
  - task: QodanaScan@2022
Triggering this job depends on what type of repository you are using in Azure Pipelines.
The task can be run on any OS and on x86_64 or arm64 CPUs, but it requires the agent to have Docker installed. Because most Qodana Docker images are Linux-based, the Docker daemon must run Linux containers.
SARIF SAST Scans Tab
To display the Qodana report summary in the 'Scans' tab of the Azure DevOps UI, install Microsoft DevLabs’ SARIF SAST Scans Tab extension.

Configuration
You probably won't need any option other than args: the remaining options are mainly useful if you are configuring multiple Qodana Scan jobs in one workflow.
| Name | Description | Default Value |
|---|---|---|
| | Additional Qodana CLI | - |
| | Directory to store the analysis results. Optional. | |
| | Upload Qodana results as an artifact to the job. Optional. | |
| | Specify Qodana results artifact name, used for results uploading. Optional. | |
| | Directory to store Qodana caches. Optional. | |
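
The multi-job case mentioned above, as an added example that is not part of the original Qodana documentation: two Qodana Scan steps in one pipeline, each with its own results directory, cache directory and artifact name so the second scan does not collide with the first. Assumptions: the input names `args`, `resultsDir`, `cacheDir`, `uploadResult` and `artifactName` and the comma-separated `args` form come from the extension's task definition rather than from the table as shown here, and the `frontend` and `backend` directories are hypothetical.

```yaml
# Added example (not from the Qodana docs).
# Assumed input names: args, resultsDir, cacheDir, uploadResult, artifactName.
# Hypothetical repository layout: frontend/ and backend/ sub-projects.
trigger:
  - main

pool:
  vmImage: ubuntu-latest   # Linux agent with Docker, as the task requires

steps:
  - task: QodanaScan@2022
    displayName: Qodana (frontend)
    inputs:
      # Assumption: CLI arguments are comma-separated; -i selects the project directory.
      args: -i,frontend
      # Separate directories keep one scan's report and cache from
      # being overwritten by the other scan in the same job.
      resultsDir: '$(Agent.TempDirectory)/qodana/frontend/results'
      cacheDir: '$(Agent.TempDirectory)/qodana/frontend/cache'
      uploadResult: true
      # A distinct artifact name per scan keeps the two uploads apart.
      artifactName: qodana-report-frontend

  - task: QodanaScan@2022
    displayName: Qodana (backend)
    inputs:
      args: -i,backend
      resultsDir: '$(Agent.TempDirectory)/qodana/backend/results'
      cacheDir: '$(Agent.TempDirectory)/qodana/backend/cache'
      uploadResult: true
      artifactName: qodana-report-backend
```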