AdvancedSecurity-Codeql-Analyze@1 - Advanced Security Perform CodeQL analysis v1 task

Analyzes the code in an Azure Repos Git repository to find security vulnerabilities and coding errors. You must have GitHub Advanced Security for Azure DevOps enabled for the repository being scanned.

Syntax

# Advanced Security Perform CodeQL analysis v1
# Finalizes the CodeQL database and runs the analysis queries.
- task: AdvancedSecurity-Codeql-Analyze@1
  inputs:
    #WaitForProcessing: false # boolean. Enable Wait for Processing. Default: false.
    #WaitForProcessingInterval: '5' # string. Optional. Use when WaitForProcessing = true. Wait for Processing Time Interval. Default: 5.
    #WaitForProcessingTimeout: '120' # string. Optional. Use when WaitForProcessing = true. Wait for Processing Timeout. Default: 120.

Inputs

WaitForProcessing - Enable Wait for Processing
boolean. Default value: false.

Wait for Advanced Security to process the published SARIF file before the task completes.


WaitForProcessingInterval - Wait for Processing Time Interval
string. Optional. Use when WaitForProcessing = true. Default value: 5.

Time, in seconds, to wait between each call to Advanced Security to check SARIF processing status.


WaitForProcessingTimeout - Wait for Processing Timeout
string. Optional. Use when WaitForProcessing = true. Default value: 120.

Time, in seconds, to wait for Advanced Security to process the SARIF file before the task completes.


Task control options

All tasks have control options in addition to their task inputs. For more information, see Control options and common task properties.

Output variables

None.

Remarks

Important

This task is supported with Azure Repos Git repositories only.

Prerequisites

For the task to successfully complete and populate the Advanced Security tab for the scanned repository, Advanced Security must be enabled for that repository prior to running a build with the dependency scanning task included.

The task is available to run on self-hosted agents as well as Microsoft-hosted agents. For self-hosted agents, see additional self-hosted agent set-up instructions.

The pipeline must call the tasks in the following order.

  1. Initialize CodeQL
  2. AutoBuild (or your custom build tasks)
  3. Perform CodeQL analysis

The AutoBuild task is optional and may be replaced with your custom build tasks. Either AutoBuild or your custom build tasks must be run for your project to be analyzed.

The analysis task must appear after the initialize task for successful completion.

# Initialize CodeQL database 
- task: AdvancedSecurity-Codeql-Init@1
  inputs: 
    languages: 'csharp' 
  displayName: 'Advanced Security Initialize CodeQL' 

# Build project using Autobuild or your own custom build steps 
- task: AdvancedSecurity-Codeql-Autobuild@1
  displayName: 'Advanced Security Autobuild' 

# Run analysis 
- task: AdvancedSecurity-Codeql-Analyze@1 
  displayName: 'Advanced Security Code Scanning' 
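
The ordering rule above can be checked before a pipeline change is merged. The following is an added example, not part of the original documentation or the task itself: a line-based check of a pipeline's steps. It assumes that any `task`, `script`, `bash`, `pwsh` or `powershell` step between Init and Analyze counts as a build step; the function name and the sample pipelines are constructed for illustration.

```python
import re

# Task names as they appear on this page; the @version suffix is ignored.
INIT = "AdvancedSecurity-Codeql-Init"
ANALYZE = "AdvancedSecurity-Codeql-Analyze"

# Assumption: these step keywords may act as custom build steps.
STEP_RE = re.compile(r"^\s*-\s*(?:task|script|bash|pwsh|powershell):")
TASK_RE = re.compile(r"^\s*-\s*task:\s*([\w.-]+)@\d+")


def check_codeql_order(pipeline_yaml):
    """Return ordering problems; an empty list means Init -> build -> Analyze holds."""
    problems = []
    last_init = None    # line number of the most recent Init task
    build_seen = False  # whether a build step has run since that Init
    for lineno, line in enumerate(pipeline_yaml.splitlines(), 1):
        if not STEP_RE.match(line):
            continue  # inputs, displayName, comments, blank lines
        task = TASK_RE.match(line)
        name = task.group(1) if task else ""
        if name == INIT:
            last_init, build_seen = lineno, False
        elif name == ANALYZE:
            if last_init is None:
                problems.append(f"line {lineno}: Analyze has no preceding Init task")
            elif not build_seen:
                problems.append(
                    f"line {lineno}: no build step between Init "
                    f"(line {last_init}) and Analyze")
            last_init, build_seen = None, False
        else:
            build_seen = True  # Autobuild or a custom build step
    return problems


# Constructed sample pipelines (step lists only).
GOOD = """\
- task: AdvancedSecurity-Codeql-Init@1
  inputs:
    languages: 'csharp'
- task: AdvancedSecurity-Codeql-Autobuild@1
- task: AdvancedSecurity-Codeql-Analyze@1
"""
CUSTOM_BUILD = GOOD.replace("task: AdvancedSecurity-Codeql-Autobuild@1",
                            "script: dotnet build")
WRONG_ORDER = """\
- task: AdvancedSecurity-Codeql-Analyze@1
- task: AdvancedSecurity-Codeql-Init@1
- task: AdvancedSecurity-Codeql-Autobuild@1
"""
NO_BUILD = GOOD.replace("- task: AdvancedSecurity-Codeql-Autobuild@1\n", "")
```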

Requirements

| Requirement | Description |
|---|---|
| Pipeline types | YAML, Classic build, Classic release |
| Runs on | Agent, DeploymentGroup |
| Demands | None |
| Capabilities | This task does not satisfy any demands for subsequent tasks in the job. |
| Command restrictions | Any |
| Settable variables | Any |
| Agent version | All supported agent versions. |
| Task category | Build |
