Skip to main content

Pipeline Scan example for using Gradle with Azure DevOps

This example YAML code shows how to add a Pipeline Scan as a build stage in an Azure DevOps build pipeline that uses Gradle.

The example includes a script that downloads and unzips pipeline-scan-LATEST.zip, to ensure you have the latest version, then runs pipeline-scan.jar using your API credentials. For improved stability, Veracode recommends that you change these scripts to use the Pipeline Scan Docker image.

trigger:
- master

pool:
vmImage: 'ubuntu-latest'

steps:
- task: Gradle@2
inputs:
workingDirectory: ''
gradleWrapperFile: 'gradlew'
gradleOptions: '-Xmx3072m'
javaHomeOption: 'JDKVersion'
jdkVersionOption: '1.8'
jdkArchitectureOption: 'x64'
publishJUnitResults: true
testResultsFiles: '**/TEST-*.xml'
tasks: 'build'
- script: |
curl -O -L https://downloads.veracode.com/securityscan/pipeline-scan-LATEST.zip
displayName: 'Download Pipeline Scanner'
- task: ExtractFiles@1
inputs:
archiveFilePatterns: 'pipeline-scan-LATEST.zip'
destinationFolder: 'pipeline'
cleanDestinationFolder: false
- script: |
java -jar pipeline\pipeline-scan.jar --veracode_api_id "$(VERACODE_API_ID)" --veracode_api_key "$(VERACODE_API_KEY)" --file "example.jar" --fail_on_severity="Very High, High" --fail_on_cwe="80"
env:
VERACODE_API_ID: $(VERACODE_API_ID)
VERACODE_API_KEY: $(VERACODE_API_KEY)
displayName: 'Run Pipeline Scan'