Pipeline Scan example for an ASP.NET application in Azure DevOps

This example YAML code shows how to add a Pipeline Scan as a build stage in an Azure DevOps build pipeline for an ASP.NET application on Windows.

The example includes a script that downloads and unzips the Pipeline Scan archive, to ensure you have the latest version, then runs pipeline-scan.jar using your API credentials. For improved stability, Veracode recommends that you change the script to use the Pipeline Scan Docker image.

trigger:
  - main

pool:
  vmImage: "windows-latest"

variables:
  solution: "**/*.sln"
  buildPlatform: "Any CPU"
  buildConfiguration: "Release"

steps:
  - task: NuGetToolInstaller@1

  - task: NuGetCommand@2
    inputs:
      restoreSolution: "$(solution)"

  - task: VSBuild@1
    inputs:
      solution: "$(solution)"
      msbuildArgs: '/p:DeployOnBuild=true /p:WebPublishMethod=Package /p:PackageAsSingleFile=true /p:SkipInvalidConfigurations=true /p:PackageLocation="$(build.artifactStagingDirectory)"'
      platform: "$(buildPlatform)"
      configuration: "$(buildConfiguration)"

  - task: CmdLine@2
    displayName: Veracode Pipeline Scan
    inputs:
      script: |
        curl -sSO
        unzip -o
        java -jar pipeline-scan.jar -vid $(VERACODE_API_ID) -vkey $(VERACODE_API_KEY) -f $(build.artifactstagingdirectory)\ || true
    # VERACODE_API_ID and VERACODE_API_KEY environment variables must reference your API credentials.
    # "|| true" continues the build even if Pipeline Scan discovers flaws.
    # To fail the build for new flaws not listed in a baseline file, add an existing baseline file with "-bf <baseline filename>" and remove "|| true".

  - task: PublishBuildArtifacts@1
    displayName: Create Build Artifact for Veracode Pipeline Scan Results
    inputs:
      PathtoPublish: "results.json"
      ArtifactName: "Build"
      publishLocation: "Container"
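
Because "|| true" lets the build continue whatever the scan finds, a later step can apply its own policy to results.json. The following severity gate is an added example, not Veracode's code; it assumes results.json holds a top-level "findings" list whose entries carry an integer "severity" (0 to 5), "cwe_id", "issue_type" and a nested "files.source_file" location, and the sample data in it is constructed.

```python
import json
import sys
from collections import Counter

# Constructed sample shaped like a Pipeline Scan results file (assumed layout:
# top-level "findings" list, integer "severity" 0-5, nested source_file info).
SAMPLE_RESULTS = json.dumps({"findings": [
    {"issue_id": 1001, "severity": 4, "cwe_id": "89", "issue_type": "SQL Injection",
     "files": {"source_file": {"file": "Controllers/OrderController.cs", "line": 42}}},
    {"issue_id": 1002, "severity": 3, "cwe_id": "80", "issue_type": "Cross-Site Scripting",
     "files": {"source_file": {"file": "Views/Home/Index.cshtml", "line": 17}}},
    {"issue_id": 1003, "severity": 2, "cwe_id": "209", "issue_type": "Information Leak",
     "files": {"source_file": {"file": "Global.asax.cs", "line": 88}}},
]})


def evaluate(results_text, fail_at=4):
    """Return (exit_code, blocking, counts) for findings at or above fail_at."""
    try:
        findings = json.loads(results_text)["findings"]
    except (ValueError, KeyError, TypeError):
        # A missing or malformed results file must not pass the gate silently.
        return 2, [], Counter()
    if not isinstance(findings, list):
        return 2, [], Counter()
    counts = Counter(f.get("severity", 0) for f in findings)
    blocking = []
    for f in findings:
        if f.get("severity", 0) >= fail_at:
            src = f.get("files", {}).get("source_file", {})
            blocking.append("CWE-%s %s at %s:%s" % (
                f.get("cwe_id", "?"), f.get("issue_type", "?"),
                src.get("file", "?"), src.get("line", "?")))
    return (1 if blocking else 0), blocking, counts


if __name__ == "__main__":
    # With a path argument, gate on that file; otherwise use the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig") as fh:
            text = fh.read()
    else:
        text = SAMPLE_RESULTS
    code, blocking, counts = evaluate(text)
    for sev in sorted(counts, reverse=True):
        print("severity %d: %d finding(s)" % (sev, counts[sev]))
    for line in blocking:
        print("BLOCKING " + line)
    sys.exit(code)
```

Saved under a hypothetical name such as gate.py, it can run in a script step after the scan as "python gate.py results.json"; a non-zero exit code fails that step.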