Introducing Qodana for Azure Pipelines

[tiulpin]

With Qodana, you can detect, analyze, and resolve code issues right in the CI/CD system you rely on. Since Qodana was released, we’ve supported GitHub Actions, GitHub App, GitLab CI/CD, TeamCity, and Jenkins. We continue to expand our integrated environments to make sure we bring code quality into your favorite CI/CD. This time around, we’re introducing a new extension for Azure Pipelines.

Try for free

Qodana linters are now integrated into your Azure DevOps repositories to allow you to make code analysis a part of your build pipeline and ensure the maintainability and reliability of your projects. You can integrate Qodana with Azure Pipelines in just 2 steps:

• Install Qodana for Azure Pipelines
• Configure Qodana to analyze your code

Now let’s dive into the details.

Install Qodana for Azure Pipelines

From Visual Studio Marketplace, install the Qodana for Azure Pipelines extension by clicking the Get it free button, and Proceed to organization once the installation has finished.

If you do not have the required permissions to install an extension from the marketplace, a request will be sent to the account administrator to ask them to approve the installation.

Configure Qodana to analyze your code

Set up a pipeline that integrates with Qodana

Before analyzing your code, you will first need to set up a new build pipeline that integrates with Qodana. On the Azure DevOps panel, go to Pipelines and click Create Pipeline. If any pipelines have already been created, select New pipeline.

You can configure the pipeline with either the YAML editor or the classic editor. When using the classic editor, you can take advantage of the predefined templates. The YAML editor requires you to use a YAML file. Let’s choose the latter for this example.

The YAML editor will open with the template YAML file. In order to configure it correctly you will need to configure the Qodana Scan task by editing your azure-pipelines.yml file:

# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and more:
# https://aka.ms/yaml

trigger:
  - main

pool:
  vmImage: ubuntu-latest

steps:
  - task: Cache@2 # Not required, but Qodana will open projects with cache faster.
    inputs:
      key: '"$(Build.Repository.Name)" | "$(Build.SourceBranchName)" | "$(Build.SourceVersion)"'
      path: '$(Agent.TempDirectory)/qodana/cache'
      restoreKeys: |
        "$(Build.Repository.Name)" | "$(Build.SourceBranchName)"
        "$(Build.Repository.Name)"
  - task: QodanaScan@1

You can also find the Qodana Scan task in the list of tasks on the Show assistant panel.

​​Run your pipeline

When you are done making the changes to the file, click Save and Run.

See the results

To display the Qodana report summary in Azure DevOps, install Microsoft DevLabs’ SARIF SAST Scans Tab extension. Once installation is done, go to the Pipelines tab, select the pipeline being run and analyzed, and look at the Scans tab for more information about the quality of your code.

With the Qodana for Azure Pipelines extension, you will be able to easily integrate Qodana into your Azure DevOps pipeline and start seeing the analytics the first time your code is checked.

If you have any questions or suggestions about Qodana, post a comment here, tag us on Twitter or contact us at [email protected].

Your Qodana team

[tiulpin]

By the way, this extension is open-sourced and is based on our GitHub action – https://github.com/JetBrains/qodana-action/tree/main/vsts

[SabareeshGC]

Unable to find the branch name, please set the environment variable QODANA_BRANCH this is happening on Azure pipeline so how do we set the branch . Also having trouble reading gradle.properties file even after setting them via volume flag