
Qodana is a code quality monitoring tool that identifies and suggests fixes for bugs, security vulnerabilities, duplications, and imperfections.


Qodana Scan

Qodana Scan is an Azure Pipelines task packed inside this extension to scan your code with Qodana.

Usage

Basic configuration

After you've installed Qodana for Azure Pipelines in your organization, edit your azure-pipelines.yml file to configure the Qodana Scan task:

# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and more:
# https://aka.ms/yaml

trigger:
  - main

pool:
  vmImage: ubuntu-latest

steps:
  - task: Cache@2  # Not required, but Qodana will open projects with cache faster.
    inputs:
      key: '"$(Build.Repository.Name)" | "$(Build.SourceBranchName)" | "$(Build.SourceVersion)"'
      path: '$(Agent.TempDirectory)/qodana/cache'
      restoreKeys: |
        "$(Build.Repository.Name)" | "$(Build.SourceBranchName)"
        "$(Build.Repository.Name)"
  - task: QodanaScan@1

Triggering this job depends on what type of repository you are using in Azure Pipelines.

The task can run on any OS and on x86_64/arm64 CPUs, but it requires the agent to have Docker installed. Because most Qodana Docker images are Linux-based, the Docker daemon must run Linux containers.

SARIF SAST Scans Tab

To display the Qodana report summary on the 'Scans' tab of the Azure DevOps UI, install Microsoft DevLabs' SARIF SAST Scans Tab extension.


Configuration

You probably won't need any option other than args; the other options are useful when you configure multiple Qodana Scan jobs in one workflow.

| Name | Description | Default Value |
|------|-------------|---------------|
| args | Additional Qodana CLI scan command arguments, split the arguments with commas (,), e.g. -i,frontend. Optional. | - |
| resultsDir | Directory to store the analysis results. Optional. | $(Agent.TempDirectory)/qodana/results |
| uploadResult | Upload Qodana results as an artifact to the job. Optional. | true |
| artifactName | Specify Qodana results artifact name, used for results uploading. Optional. | qodana-report |
| cacheDir | Directory to store Qodana caches. Optional. | $(Agent.TempDirectory)/qodana/cache |
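
As an added example (not part of the project's README), the pipeline below runs two Qodana Scan steps in one workflow and gives each its own resultsDir, cacheDir and artifactName so neither step reuses the other's results, cache or artifact name. The frontend and backend directory names and the per-step paths are assumptions.

```yaml
# Added example: two Qodana Scan steps in one pipeline.
# "frontend" and "backend" are assumed subdirectories of the repository;
# the per-step directories and artifact names are illustrative values.
trigger:
  - main

pool:
  vmImage: ubuntu-latest

steps:
  # Restore the frontend cache into the directory the first scan uses.
  - task: Cache@2
    inputs:
      key: '"frontend" | "$(Build.Repository.Name)" | "$(Build.SourceBranchName)" | "$(Build.SourceVersion)"'
      path: '$(Agent.TempDirectory)/qodana/frontend/cache'
      restoreKeys: |
        "frontend" | "$(Build.Repository.Name)" | "$(Build.SourceBranchName)"
        "frontend" | "$(Build.Repository.Name)"
  - task: QodanaScan@1
    displayName: Qodana Scan (frontend)
    inputs:
      args: -i,frontend            # comma-separated CLI arguments, as in the table above
      resultsDir: '$(Agent.TempDirectory)/qodana/frontend/results'
      cacheDir: '$(Agent.TempDirectory)/qodana/frontend/cache'
      uploadResult: true
      artifactName: qodana-report-frontend

  # Second scan: separate cache, results and artifact name.
  - task: Cache@2
    inputs:
      key: '"backend" | "$(Build.Repository.Name)" | "$(Build.SourceBranchName)" | "$(Build.SourceVersion)"'
      path: '$(Agent.TempDirectory)/qodana/backend/cache'
      restoreKeys: |
        "backend" | "$(Build.Repository.Name)" | "$(Build.SourceBranchName)"
        "backend" | "$(Build.Repository.Name)"
  - task: QodanaScan@1
    displayName: Qodana Scan (backend)
    inputs:
      args: -i,backend
      resultsDir: '$(Agent.TempDirectory)/qodana/backend/results'
      cacheDir: '$(Agent.TempDirectory)/qodana/backend/cache'
      uploadResult: true
      artifactName: qodana-report-backend
```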

Issue Tracker

All the issues, feature requests, and support related to the Qodana Azure Pipelines extension are handled on YouTrack.

If you'd like to file a new issue, please use the link YouTrack | New Issue.