Azure Pipelines
Edit pageLast modified: 14 February 2025Qodana Scan is an Azure Pipelines task packed inside the Qodana Azure Pipelines extension to analyze your code within existing pipelines using Qodana.
Before you start
All configuration examples in this section use a project token generated by Qodana Cloud. This token is required for the paid Qodana linters and optional for use with the Community linters. You can see these sections to learn how to generate the project token in the Qodana Cloud UI:
The project setup section explains how to generate a project token when first working with Qodana Cloud.
The Manage a project section explains how to create a project token within an existing Qodana Cloud organization.
Once you obtain the project token, go to your pipeline UI, create the
QODANA_TOKEN
secret variable, and save the project token as its value.If you are using a Qodana Cloud instance other than
https://qodana.cloud/
, override it by setting theQODANA_ENDPOINT
environment variable.In your Azure DevOps organization, install the Qodana Azure Pipelines extension.
Basic configuration
note
Triggering Qodana Scan depends on the repository type that you are using in Azure Pipelines.
You can run the Qodana Scan task on any OS and x86_64/arm64 CPUs, but it requires the agent to have Docker installed. Additionally, since most Qodana Docker images are Linux-based, the Docker daemon must support running Linux containers.
You can configure this task using either a YAML-formatted file or the Classic interface.
# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and more:
# https://aka.ms/yaml
trigger:
- main
pool:
vmImage: ubuntu-latest
steps:
- task: Cache@2 # Not required, but Qodana will open projects with cache faster.
inputs:
key: '"$(Build.Repository.Name)" | "$(Build.SourceBranchName)" | "$(Build.SourceVersion)"'
path: '$(Agent.TempDirectory)/qodana/cache'
restoreKeys: |
"$(Build.Repository.Name)" | "$(Build.SourceBranchName)"
"$(Build.Repository.Name)"
- task: QodanaScan@2024
inputs:
uploadResult: true
args: -e,AUSERNAME=$(AUSERNAME),-e,APASSWORD=$(APASSWORD)
env:
QODANA_TOKEN: $(QODANA_TOKEN)
Here, the -e
option adds input arguments, and the QODANA_TOKEN
variable refers to the project token generated by Qodana Cloud.
Add the Qodana Scan
task to the pipeline configuration and then configure it as shown below.

The description of configuration options is available in the Configuration chapter of this section.
Pull requests
This is how you can enable Qodana analysis for pull requests:
pr:
branches:
include:
- '*'
pool:
vmImage: ubuntu-latest
steps:
- checkout: self
fetchDepth: 0
- task: QodanaScan@2024
env:
QODANA_TOKEN: $(QODANA_TOKEN)
inputs:
prMode: true
Here, QODANA_TOKEN
refers to the project token generated by Qodana Cloud.
Check the PR Mode option in the pipeline configuration as shown below.

Quality gate and baseline
You can also configure the quality gate and baseline features as shown below.
In this configuration, the args:
block configures the quality gate and baseline features using comma-separated options.
# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and more:
# https://aka.ms/yaml
trigger:
- main
pool:
vmImage: ubuntu-latest
steps:
- task: Cache@2 # Not required, but Qodana will open projects with cache faster.
key: '"$(Build.Repository.Name)" | "$(Build.SourceBranchName)" | "$(Build.SourceVersion)"'
path: '$(Agent.TempDirectory)/qodana/cache'
restoreKeys: |
"$(Build.Repository.Name)" | "$(Build.SourceBranchName)"
"$(Build.Repository.Name)"
- task: QodanaScan@2024
env:
QODANA_TOKEN: $(QODANA_TOKEN)
inputs:
args: '--baseline,qodana.sarif.json,--fail-threshold,5'
Use the Qodana CLI arguments field to configure the baseline and quality gate features using comma-separated options.

Code coverage
Follow recommendations from the Code coverage section to prepare your project. Use these examples to instruct Qodana to map the directory containing code coverage results.
In this configuration, the args:
block maps the results of code coverage analysis to the /data/coverage
directory.
# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and more:
# https://aka.ms/yaml
trigger:
- main
pool:
vmImage: ubuntu-latest
steps:
- task: Cache@2 # Not required, but Qodana will open projects with cache faster.
key: '"$(Build.Repository.Name)" | "$(Build.SourceBranchName)" | "$(Build.SourceVersion)"'
path: '$(Agent.TempDirectory)/qodana/cache'
restoreKeys: |
"$(Build.Repository.Name)" | "$(Build.SourceBranchName)"
"$(Build.Repository.Name)"
- task: QodanaScan@2024
env:
QODANA_TOKEN: $(QODANA_TOKEN)
inputs:
args: '-v, $(System.DefaultWorkingDirectory)/<ProjectPath>/.qodana/:/data/coverage'
Use the Qodana CLI arguments field to map the results of code coverage analysis to the /data/coverage
directory.

SARIF SAST Scans Tab
To display Qodana report summary in Azure DevOps UI on the Scans tab, install Microsoft DevLabs’ SARIF SAST Scans Tab extension and set the uploadSarif
/Upload SARIF option in your pipeline configuration to true
.

Configuration
You won't probably need other options than args
: all other options can be helpful if you are configuring multiple Qodana Scan
jobs in one workflow.
YAML option | UI element of the classic editor | Description | Default Value |
---|---|---|---|
| Qodana CLI arguments | Additional Qodana CLI If an argument has a value, you can pass it using Optional. | None |
| Results Directory | Directory to store the analysis results. Optional. |
|
| Upload Result | Upload Qodana results as an artifact to the job. Optional. |
|
| Upload SARIF | Upload qodana.sarif.json as an qodana.sarif artifact to the job. Optional. |
|
| Artifact Name | Specify Qodana results artifact name, used for results uploading. Optional. |
|
| Cache Directory | Directory to store Qodana caches. Optional. |
|
| PR Mode | Enable pull request analyses |
|
Thanks for your feedback!