Qodana 2022.3 Help

Azure Pipelines

Qodana Scan

Qodana Scan is an Azure Pipelines task packed inside Qodana Azure Pipelines extension to scan your code with Qodana.

Usage

Basic configuration

After you've installed Qodana Azure Pipelines extension to your organization, to configure the Qodana Scan task, edit your azure-pipelines.yml file:

# Start with a minimal pipeline that you can customize to build and deploy your code. # Add steps that build, run tests, deploy, and more: # https://aka.ms/yaml trigger: - main pool: vmImage: ubuntu-latest steps: - task: Cache@2 # Not required, but Qodana will open projects with cache faster. inputs: key: '"$(Build.Repository.Name)" | "$(Build.SourceBranchName)" | "$(Build.SourceVersion)"' path: '$(Agent.TempDirectory)/qodana/cache' restoreKeys: | "$(Build.Repository.Name)" | "$(Build.SourceBranchName)" "$(Build.Repository.Name)" - task: QodanaScan@2022

Triggering this job depends on what type of repository you are using in Azure Pipelines.

The task can be run on any OS and x86_64/arm64 CPUs, but it requires the agent to have Docker installed. And since most of Qodana Docker images are Linux-based, the docker daemon must run Linux containers.

Qodana Cloud

To forward inspection results to Qodana Cloud, all you need to do is to specify the QODANA_TOKEN environment variable in the build configuration.

  1. In the Azure Pipelines UI, create the QODANA_TOKEN secret variable and save the project token as its value.

  2. In the Azure pipeline file, add QODANA_TOKEN variable to the env section of the QodanaScan task:

- task: QodanaScan@2022 env: QODANA_TOKEN: $(QODANA_TOKEN)

After the token is set for analysis, all Qodana Scan job results will be uploaded to your Qodana Cloud project.

Qodana Cloud

SARIF SAST Scans Tab

To display Qodana report summary in Azure DevOps UI in 'Scans' tab, install Microsoft DevLabs’ SARIF SAST Scans Tab extension.

Azure Scans Tab

Configuration

You probably won't need other options than args: all other options can be helpful if you are configuring multiple Qodana Scan jobs in one workflow.

Name

Description

Default Value

args

Additional Qodana CLI scan command arguments, split the arguments with commas (,), for example -i,frontend. Optional.

-

resultsDir

Directory to store the analysis results. Optional.

$(Agent.TempDirectory)/qodana/results

uploadResult

Upload Qodana results as an artifact to the job. Optional.

true

artifactName

Specify Qodana results artifact name, used for results uploading. Optional.

qodana-report

cacheDir

Directory to store Qodana caches. Optional.

$(Agent.TempDirectory)/qodana/cache

Last modified: 27 January 2023