Introducing Qodana for Azure Pipelines
Read this post in other languages:
With Qodana, you can detect, analyze, and resolve code issues right in the CI/CD system you rely on. Since Qodana was released, we’ve supported GitHub Actions, GitHub App, GitLab CI/CD, TeamCity, and Jenkins. We continue to expand our integrated environments to make sure we bring code quality into your favorite CI/CD. This time around, we’re introducing a new extension for Azure Pipelines.
Qodana linters are now integrated into your Azure DevOps repositories to allow you to make code analysis a part of your build pipeline and ensure the maintainability and reliability of your projects. You can integrate Qodana with Azure Pipelines in just 2 steps:
Now let’s dive into the details.
Install Qodana for Azure Pipelines
From Visual Studio Marketplace, install the Qodana for Azure Pipelines extension by clicking the Get it free button, and Proceed to organization once the installation has finished.
If you do not have the required permissions to install an extension from the marketplace, a request will be sent to the account administrator to ask them to approve the installation.
Configure Qodana to analyze your code
Set up a pipeline that integrates with Qodana
Before analyzing your code, you will first need to set up a new build pipeline that integrates with Qodana. On the Azure DevOps panel, go to Pipelines and click Create Pipeline. If any pipelines have already been created, select New pipeline.
You can configure the pipeline with either the YAML editor or the classic editor. When using the classic editor, you can take advantage of the predefined templates. The YAML editor requires you to use a YAML file. Let’s choose the latter for this example.
The YAML editor will open with the template YAML file. In order to configure it correctly you will need to configure the Qodana Scan task by editing your azure-pipelines.yml file:
# Start with a minimal pipeline that you can customize to build and deploy your code. # Add steps that build, run tests, deploy, and more: # https://aka.ms/yaml trigger: - main pool: vmImage: ubuntu-latest steps: - task: Cache@2 # Not required, but Qodana will open projects with cache faster. inputs: key: '"$(Build.Repository.Name)" | "$(Build.SourceBranchName)" | "$(Build.SourceVersion)"' path: '$(Agent.TempDirectory)/qodana/cache' restoreKeys: | "$(Build.Repository.Name)" | "$(Build.SourceBranchName)" "$(Build.Repository.Name)" - task: QodanaScan@1
You can also find the Qodana Scan task in the list of tasks on the Show assistant panel.
Run your pipeline
When you are done making the changes to the file, click Save and Run.
See the results
To display the Qodana report summary in Azure DevOps, install Microsoft DevLabs’ SARIF SAST Scans Tab extension. Once installation is done, go to the Pipelines tab, select the pipeline being run and analyzed, and look at the Scans tab for more information about the quality of your code.
With the Qodana for Azure Pipelines extension, you will be able to easily integrate Qodana into your Azure DevOps pipeline and start seeing the analytics the first time your code is checked.
If you have any questions or suggestions about Qodana, post a comment here, tag us on Twitter or contact us at email@example.com.
Your Qodana team